Re: [Bacula-users] ERR=20:"unable to get local issuer certificate"

Wed, 11 Nov 2020 05:48:57 -0800 


On 11/10/20 2:11 PM, David Newman wrote:

Director: FreeBSD 12.2, bacula-server-9.6.6 from pkgs
Client: OpenBSD 6.8, bacula-client-9.6.5 from pkgs

After upgrading a bacula client's OS from OpenBSD 6.7 to 6.8, nightly
backups run successfully but throw this warning:

ERR=20:"unable to get local issuer certificate"



Perhaps a permissions issue? The bacula user doesn't have permissions to 
open the certificate file for reading.





This setup uses self-signed certificates and worked without errors or
warnings before this OS upgrade.

There has been no bacula configuration change on either the client or
director . A diff of the client bacula-fd.conf file (excerpted below)
before and after the upgrade shows no change.

I tried revoking the old client cert and generating a new one, but this
had no effect on the warning message.

I also tried command-line "openssl s_client -connect" commands both
ways. Both connections worked on the respective ports 9101 and 9102.

Besides the bacula client configuration -- which hasn't changed, aside
from pointing to new certs with the same filenames -- is there something
else that needs tweaking on the client?

Many thanks.

dn

-----

client bacula-fd.conf

Director {
   Name = nye-dir
  ..

   TLS Require = yes
   TLS Enable = yes
   TLS Verify Peer = yes

  # Allow only the Director to connect
   TLS Allowed CN = "backups.example.com"
   TLS CA Certificate File = /etc/bacula/cacert.pem
   TLS Certificate = /etc/bacula/client.pem
   TLS Key = /etc/bacula/client.key

}

..

FileDaemon {
   Name = client-fd
   FDport = 9102                  # where we listen for the director
   WorkingDirectory = /var/db/bacula
   Pid Directory = /var/run
   Maximum Concurrent Jobs = 20

   TLS Require = yes
   TLS Enable = yes

   TLS CA Certificate File = /etc/bacula/cacert.pem
   TLS Certificate = /etc/bacula/client.pem
   TLS Key = /etc/bacula/client.key

}



_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users



_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users






















					Reply via email to