The address of a section must match the CN name. In the below example for TLS connection to the Storage daemon, “mySD.network.net” must be in the CN field of the storage daemons certificate.
bacula-dir.conf
... Storage { ... Address = mySD.network.net ... }
Certificates:
For clients creates certificates with 'Netscape Cert Type' = 'SSL Client'. For servers creates certificates with 'Netscape Cert Type' = 'SSL Server'.
For server's certificates CN's may have hostname, FQDN hostname, IP-address etc (after fixing bug 0001470).
Example certificates files names:
Director daemon - dir_s, dir_c; File daemon: fd_s, fd_c; Storage daemon: sd_s, sd_c; Console: console_c.
Configuration:
fd.conf
FileDaemon { ... TLS Certificate = fd_c.pem ... } Director { Name = dir ... TLS Certificate = fd_s.pem ... } Director { Name = mon Monitor = yes ... TLS Certificate = fd_s.pem ... }
sd.conf
Storage { ... TLS Certificate = sd_s.pem ... } Director { Name = dir ... TLS Certificate = sd_s.pem ... } Director { Name = mon Monitor = yes ... TLS Certificate = sd_s.pem ... }
dir.conf
Director { ... TLS Certificate = dir_s.pem ... } Console { Name = mon ... TLS Certificate = dir_s.pem ... } Storage { ... TLS Certificate = dir_c.pem ... } Client { ... TLS Certificate = dir_c.pem ... }
console.conf
Director { ... TLS Certificate = console_c.pem ... }