Hello,
you need to add TLS Allowed CN = "cn.of.your.certificate.that.is.used.by.the.console" e.g. TLS Allowed CN = "console.example.com" to your director's director resource. To your directors Am 09.09.2015 18:10, schrieb Peter Tiernan: > Hello, > > i am attempting to setup TLS encryption. Firstly im configuring director and > console by following > this guide: https://www.devco.net/pubwiki/Bacula/TLS/bconsole2director/ > > here is my bareos-dir.conf: > > Director { > Name = director1-dir > QueryFile = "/usr/lib/bareos/scripts/query.sql" > Maximum Concurrent Jobs = 2 > Password = "password" > Messages = Daemon > > # Transport encryption setup > TLS Enable = yes > TLS Require = yes > TLS Verify Peer = yes > TLS Key = "/etc/bareos/ssl/key.key" > TLS Certificate = "/etc/bareos/ssl/cert.pem" > TLS CA Certificate File = "/etc/bareos/ssl/ca.crt" > } > > and here is bconsole.conf: > > Director { > Name = director1-dir > DIRport = 9101 > address = director1.example.com > Password = "password" > > TLS Enable = yes > TLS Require = yes > TLS Key = "/etc/bareos/ssl/key.key" > TLS Certificate = "/etc/bareos/ssl/cert.crt" > TLS CA Certificate File = "/etc/bareos/ssl/ca.crt" > > } > > Director and console are on the same server, they key was generated and a > cert obtained from a CA. > But i get the following error on starting bconsole: > > Connecting to Director director1.example.com:9101 > Failed to initialize TLS context for Director "director1-dir". > > and from bareos.log: > > 09-Sep 14:37 director1-dir: ERROR in authenticate.c:430 TLS negotiation > failed. > 09-Sep 14:37 director1-dir: ERROR in authenticate.c:446 Unable to > authenticate console "*UserAgent*" > at client:xx.xx.xx.xx:9101. > > > any help would be greatly appreciated. > > thanks > -- Mit freundlichen Grüßen Philipp Storz [email protected] Bareos GmbH & Co. KG Phone: +49 221 63 06 93-92 http://www.bareos.com Fax: +49 221 63 06 93-10 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646 Geschäftsführer: Stephan Dühr, M. Außendorf, J. Steffens, P. Storz, M. v. Wieringen -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
