Re: [bareos-users] TLS encryption

Fri, 11 Sep 2015 02:24:01 -0700 

thanks for your reply.
i have tried that but its still the same. I might try to remint my key and cert, maybe its an issue with that. 



On 11/09/15 08:20, Philipp Storz wrote:

Hello,


you need to add TLS Allowed CN = 
"cn.of.your.certificate.that.is.used.by.the.console"

e.g.

TLS Allowed CN = "console.example.com"

to your director's director resource.

To your directors

Am 09.09.2015 18:10, schrieb Peter Tiernan:

Hello,

i am attempting to setup TLS encryption. Firstly im configuring director and 
console by following
this guide: https://www.devco.net/pubwiki/Bacula/TLS/bconsole2director/

here is my bareos-dir.conf:

Director {
   Name = director1-dir
   QueryFile = "/usr/lib/bareos/scripts/query.sql"
   Maximum Concurrent Jobs = 2
   Password = "password"
   Messages = Daemon

   # Transport encryption setup
   TLS Enable = yes
   TLS Require = yes
   TLS Verify Peer = yes
   TLS Key = "/etc/bareos/ssl/key.key"
   TLS Certificate = "/etc/bareos/ssl/cert.pem"
   TLS CA Certificate File = "/etc/bareos/ssl/ca.crt"
}

and here is bconsole.conf:

Director {
   Name = director1-dir
   DIRport = 9101
   address = director1.example.com
   Password = "password"

   TLS Enable = yes
   TLS Require = yes
   TLS Key = "/etc/bareos/ssl/key.key"
   TLS Certificate = "/etc/bareos/ssl/cert.crt"
   TLS CA Certificate File = "/etc/bareos/ssl/ca.crt"

}

Director and console are on the same server, they key was generated and a cert 
obtained from a CA.
But i get the following error on starting bconsole:

Connecting to Director director1.example.com:9101
Failed to initialize TLS context for Director "director1-dir".

and from bareos.log:

09-Sep 14:37 director1-dir: ERROR in authenticate.c:430 TLS negotiation failed.
09-Sep 14:37 director1-dir: ERROR in authenticate.c:446 Unable to authenticate console 
"*UserAgent*"
at client:xx.xx.xx.xx:9101.


any help would be greatly appreciated.

thanks





--
You received this message because you are subscribed to the Google Groups 
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/d/optout.






















					Reply via email to