Bacula-users

Re: [Bacula-users] problems with tls and openssl 1..0.1

2013-04-09 09:54:28
Subject: Re: [Bacula-users] problems with tls and openssl 1..0.1
From: Konstantin Khomoutov <flatworm AT users.sourceforge DOT net>
To: looper AT gmx DOT li
Date: Tue, 9 Apr 2013 17:51:14 +0400
On Tue, 9 Apr 2013 14:07:03 +0200 (CEST)
looper AT gmx DOT li wrote:

[...]
> Then I do a successful backup job to a Debian Squeeze client
> (Bacula version 5.0.2-2.2 and OpenSSL version 0.9.8o-4).
> But the second backup job to a Debian Wheezy client (Bacula version
> 5.2.6+dfsg-8 and OpenSSL version 1.0.1e-2) fails with following
> message:

> 09-Apr 13:23 baculaclient JobId 690: Error: openssl.c:86 Connect
> failure: ERR=error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

> 09-Apr 13:23 bacula-sd JobId 690: Error: openssl.c:86 Connect failure:
> ERR=error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

^^^ This. The client presents the SD a certificate signed by a CA the
SD does not trust.

So I would first run something like

  $ openssl x509 -noout -text -in client-cert.pem

on both your clients and see if they are really signed by the same CA --
look for "X509v3 Authority Key Identifier" in the output.

I, for one, can think of other reasons for this scenario, but we need
more information on your PKI setup to make educated guesses.
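
The comparison suggested in this message, as an added example that is not part of the original post: it builds a constructed lab (two throwaway CAs that share a subject name but not a key) and shows that the Authority Key Identifier and `openssl verify` tell the two issuers apart even when the issuer name matches. The function names `cert_akid`, `chains_to` and `make_lab`, and all file names, are hypothetical.

```shell
#!/bin/sh
# Constructed lab: two throwaway CAs with the SAME subject name but different
# keys, and one client certificate from each. All names are hypothetical.

# Print a certificate's Authority Key Identifier (empty if it has none).
cert_akid() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'X509v3 Authority Key Identifier' | tail -n 1 | tr -d ' '
}

# chains_to CA_FILE CERT_FILE: succeed only if CERT_FILE verifies against CA_FILE.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_lab DIR: create ca-{a,b}.pem and client-{a,b}.pem in DIR.
make_lab() {
    d=$1
    cat >"$d/lab.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Constructed Backup CA
[v3_ca]
subjectKeyIdentifier = hash
basicConstraints = critical,CA:TRUE
[leaf]
authorityKeyIdentifier = keyid
EOF
    for n in a b; do
        openssl req -x509 -config "$d/lab.cnf" -newkey rsa:2048 -nodes -days 1 \
            -keyout "$d/ca-$n.key" -out "$d/ca-$n.pem" 2>/dev/null
        openssl req -new -config "$d/lab.cnf" -subj "/CN=client-$n" \
            -newkey rsa:2048 -nodes -keyout "$d/client-$n.key" \
            -out "$d/client-$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/client-$n.csr" -CA "$d/ca-$n.pem" \
            -CAkey "$d/ca-$n.key" -set_serial 1 -days 1 \
            -extfile "$d/lab.cnf" -extensions leaf -out "$d/client-$n.pem" 2>/dev/null
    done
}

dir=$(mktemp -d) && make_lab "$dir"
for c in a b; do    # the SD in this lab trusts only ca-a.pem
    printf 'client-%s AKID=%s: ' "$c" "$(cert_akid "$dir/client-$c.pem")"
    chains_to "$dir/ca-a.pem" "$dir/client-$c.pem" && echo trusted || echo "unknown ca"
done
```

Against real files, run `cert_akid` on each client certificate and `chains_to` with the CA file the storage daemon is configured to trust.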
