On 11/10/20 2:11 PM, David Newman wrote:
Director: FreeBSD 12.2, bacula-server-9.6.6 from pkgs Client: OpenBSD 6.8, bacula-client-9.6.5 from pkgs After upgrading a bacula client's OS from OpenBSD 6.7 to 6.8, nightly backups run successfully but throw this warning: ERR=20:"unable to get local issuer certificate"
Perhaps a permissions issue? The bacula user doesn't have permissions to open the certificate file for reading.
This setup uses self-signed certificates and worked without errors or warnings before this OS upgrade. There has been no bacula configuration change on either the client or director . A diff of the client bacula-fd.conf file (excerpted below) before and after the upgrade shows no change. I tried revoking the old client cert and generating a new one, but this had no effect on the warning message. I also tried command-line "openssl s_client -connect" commands both ways. Both connections worked on the respective ports 9101 and 9102. Besides the bacula client configuration -- which hasn't changed, aside from pointing to new certs with the same filenames -- is there something else that needs tweaking on the client? Many thanks. dn ----- client bacula-fd.conf Director { Name = nye-dir .. TLS Require = yes TLS Enable = yes TLS Verify Peer = yes # Allow only the Director to connect TLS Allowed CN = "backups.example.com" TLS CA Certificate File = /etc/bacula/cacert.pem TLS Certificate = /etc/bacula/client.pem TLS Key = /etc/bacula/client.key } .. FileDaemon { Name = client-fd FDport = 9102 # where we listen for the director WorkingDirectory = /var/db/bacula Pid Directory = /var/run Maximum Concurrent Jobs = 20 TLS Require = yes TLS Enable = yes TLS CA Certificate File = /etc/bacula/cacert.pem TLS Certificate = /etc/bacula/client.pem TLS Key = /etc/bacula/client.key } _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users