>>>>>> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said:
>>
>> My alerting system tells me that I have some file daemons that have been
>> merrily encrypting their data for quite a while. In particular, the
>> expiry dates for the data encryption x509 certs are coming up soon.
>>
>> Well, this brings up an interesting question that I'd not really
>> considered in depth: Given that you can only specify two keys
>> in the bacula-fd.conf file, what is the best strategy during key
>> rollover? That is, that time period after making a new client
>> keypair available, and the retention time of the backups that were
>> made with the old keypair?
>
> Does Bacula ever check for expired certs? I suspect not, so the question
> about rollover strategy is a moot one.

Hello Martin:

I know it checks for expired certs when using communication encryption, probably when initializing the TLS context. Don't know if it's the same when encrypting data.

> __Martin

Regards,
Heitor Medrado de Faria