[Bacula-users] Bacula-5.0.1 with self-signed certificates

Mon, 15 Mar 2010 19:39:28 -0700 

I have bacula-5.0.1 compiled with openssl support and installed on 
CentOS5.4(32bit).

All bacula daemons run on the same server - director, storage and file 
daemon. I can successfully backup local files and directories.

The problem is when I try to setup tls encryption (at some point I'll 
backup systems over the network). The error I'm getting is:
   ERR=18:self signed certificate

In bacula-dir.conf:
----
Client {
   Name = backupserver.domain.com-fd
   Address = backupserver.domain.com
   ...
   # Request encrypted communication with the client
   TLS Enable = yes
   TLS Require = yes
   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
}

In bacula-fd.conf:
----
Director {
   Name = backupserver.domain.com-dir
   ...
   # Request encrypted communication with the server
   TLS Enable = yes
   TLS Require = yes
   TLS Verify Peer = yes
   TLS Allowed CN = "backupserver.domain.com"
   TLS CA Certificate File = /etc/pki/tls/certs/cert.pem
   TLS Certificate = /etc/pki/tls/certs/backupserver.domain.com.crt
   TLS Key = /etc/pki/tls/certs/backupserver.domain.com.key
}

Here is the full message on the console:
----
15-Mar 16:47 backupserver.domain.com-dir JobId 0: Error: tls.c:92 Error 
with certificate at depth: 0, issuer = /C=US/ST=California/L=San 
Diego/O=MyORG/OU=DEP/CN=backupserver.domain.com/emailaddress=someem...@address, 
subject = /C=US/ST=California/L=San 
Diego/O=UCSD/OU=CSE/CN=backupserver.domain.com/emailaddress=someem...@address, 
ERR=18:self signed certificate
15-Mar 16:47 backupserver.domain.com-dir JobId 0: Fatal error: TLS 
negotiation failed with FD at "backupserver.domain.com:9102".

Is it possible to use self-signed certificates with Bacula?
What am I doing wrong?

Any help is appreciated.

Thanks

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to