I don't think the windows version of bacula has TLS compiled in. anyway, the problem you have there is that your host address in the client config is 192... while your certificate has a hostname as its CN, the host address in your director config must match the CN of the certificate.
I wrote some TLS documentation that may help you: http://www.devco.net/pubwiki/Bacula/TLS On 18/09/06, Yanik Doucet <[EMAIL PROTECTED]> wrote: > > > > > Hi everone, > > > > I'm trying to get TLS working. I'm new at Bacula but I'm already backing up > several Windows server and it works quite well. I'd like to throw in some > encryption. In fact I need to throw in some encryption, because some people > here aren't too crazy for open source software and encrypting everything > would just shut their mouth. Ok, where do I begin… I don't know jack about > TLS. Just to mention, I used the RPMs to install bacula. > > > > So here's the steps I took so far. > > > > As stated in the documentation, I made a certificate that way: > > openssl req -new -x509 -nodes -out bacula.pem -keyout bacula.pem -days > 3650 > > Now I was in my /etc/bacula directory on my CentOS 4.4 server when I issued > the openssl command, so the path to bacula.pem is /etc/bacula/bacula.pem > > > > Now I have to add some lines to to my config files. > > I started the simpliest way possible, I add these lines: > > TLS Enable = yes > TLS Require = yes > TLS Certificate = /etc/bacula/bacula.pem > TLS Key = /etc/bacula/bacula.pem > TLS CA Certificate File = /etc/bacula/bacula.pem > > > > > To the director part of bconsole.conf, to the director and storage part of > bacula-dir.conf, and to the director and storage part of bacula-sd.conf. > > > > > > Now the way I see it, I could connect to the director thru bconsole in an > encrypted manner and with 'status storage' see the status of the storage > deamon, in an encrypted manner too. > > > > Now as soon as I try to connect with bconsole, I get this: > > > > [EMAIL PROTECTED] bacula]# bconsole > > Connecting to Director 192.168.100.6:9101 > > 18-Sep 14:06 bconsole: Fatal error: bnet.c:502 TLS host certificate > verification failed. Host 192.168.100.6 did not match presented certificate > > TLS negotiation failed > > Director authorization problem. > > Most likely the passwords do not agree. > > If you are using TLS, there may have been a certificate validation error > during the TLS handshake. > > Please see > http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors > for help. > > > > And this is where I'M lost. What's wrong with my TLS setting? > > > > Thanks > > > > > > Yanik > > > > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users > > > -- R.I.Pienaar http://www.devco.net ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
