[Bacula-users] TLS Problem after create new certificates with error ...OpenSSL 1.1, enforce basicConstraints = CA:true in the certificate...

Mon, 23 Jan 2023 05:06:29 -0800 

My self signed root ca and my certs has to been outdated.

So I created a new ca key, self segned ca cert and new
certs for bacula director and all clients.

The issue is that the message appears so i cerated a
new ca cert so the
        basicConstraints = CA:true
also contains the ca cert

So I installed the new ca certs by copy to the director
and clients.

The tests on director server by using
status dir
status file=backup-fd
status storage
status file=client-fd

are running well. Also I can access again the director
with bconsole and bat without issues and error messages.

Th backup jobs for the backupserver itself also runs
without a problem.
But the jobs for the client will abort again with the message

...
23-Jan 12:35 client-fd JobId 65114: Error: tls.c:89 CA certificate is self signed. With OpenSSL 1.1, enforce basicConstraints = CA:true in the certificate creation to avoid this issue 23-Jan 12:34 backup-sd JobId 65114: Error: openssl.c:68 Connect failure: ERR=error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca 23-Jan 12:35 client-fd JobId 65114: Error: tls.c:96 Error with certificate at depth: 1, issuer = /C=DE/O=Me, subject = /C=DE/O=Me, ERR=19:self signed certificate in certificate chain 23-Jan 12:34 backup-sd JobId 65114: Fatal error: bnet.c:75 TLS Negotiation failed. 23-Jan 12:34 backup-sd JobId 65114: Fatal error: TLS negotiation failed with FD at "192.168.2.207:36572" 23-Jan 12:34 backup-sd JobId 65114: Fatal error: Incorrect authorization key from File daemon at client rejected. For help, please see: http://www.bacula.org/rel-manual/en/problems/Bacula_Frequently_Asked_Que.html 23-Jan 12:34 backup-sd JobId 65114: Security Alert: Unable to authenticate File daemon 23-Jan 12:35 client-fd JobId 65114: Error: openssl.c:68 Connect failure: ERR=error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed 
23-Jan 12:35 client-fd JobId 65114: Fatal error: TLS negotiation failed.
23-Jan 12:34 backup-dir JobId 65114: Fatal error: Bad response to Storage command: wanted 2000 OK storage 
, got 2902 Bad storage
...
I think there is no problem between director and client fd but between storage daemon and client. 

Any ideas whats happen?

I only replaced the tls certs and installed a new ca cert.

Cheers,




_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to