bacula_manual:bacula_tls_communications_encryption
The address of a section must match the CN name. In the below example for TLS connection to the Storage daemon, “mySD.network.net” must be in the CN field of the storage daemons certificate.
bacula-dir.conf
...
Storage {
...
Address = mySD.network.net
...
}
Certificates:
For clients creates certificates with 'Netscape Cert Type' = 'SSL Client'. For servers creates certificates with 'Netscape Cert Type' = 'SSL Server'.
For server's certificates CN's may have hostname, FQDN hostname, IP-address etc (after fixing bug 0001470).
Example certificates files names:
Director daemon - dir_s, dir_c; File daemon: fd_s, fd_c; Storage daemon: sd_s, sd_c; Console: console_c.
Configuration:
fd.conf
FileDaemon {
...
TLS Certificate = fd_c.pem
...
}
Director {
Name = dir
...
TLS Certificate = fd_s.pem
...
}
Director {
Name = mon
Monitor = yes
...
TLS Certificate = fd_s.pem
...
}
sd.conf
Storage {
...
TLS Certificate = sd_s.pem
...
}
Director {
Name = dir
...
TLS Certificate = sd_s.pem
...
}
Director {
Name = mon
Monitor = yes
...
TLS Certificate = sd_s.pem
...
}
dir.conf
Director {
...
TLS Certificate = dir_s.pem
...
}
Console {
Name = mon
...
TLS Certificate = dir_s.pem
...
}
Storage {
...
TLS Certificate = dir_c.pem
...
}
Client {
...
TLS Certificate = dir_c.pem
...
}
console.conf
Director {
...
TLS Certificate = console_c.pem
...
}
bacula_manual/bacula_tls_communications_encryption.txt · Last modified: 2010/02/09 08:20 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
