Hey all, I have a working setup with jobs that work. Extended to two machines, and that also works. Now I would like to implement TLS for communication between the different machines, but I'm lost in options. (And I've reread docs many times).
For sake of simplicity: Two separate servers server01 on server01.example.com server02 on server02.example.com Director: bareos-dir on server01 Client1: bareos01-fd on server01 Client1: bareos02-fd on server02 Storage: bareos-sd on server01 bconsole: on server01 I am creating my own certificates. so can choose the Common Name in there. But up to now, no luck in getting it working, although certificates are valid. Probably due to my lack of understanding which Common Name should be used for which program on which server. Documentation is not making it any clearer, and the mailing list does not show explicit examples. Current error message in bconsole: Connect failure: ERR=error:140940F5:SSL routines:ssl3_read_bytes:unexpected record My questions: 1.Common Name to use Eg for bareos-dir. Should that be server01.example.com, or bareos-dir.server01.example.com or should I use a client certificate [email protected] Same holds for Client 1 and 2: what to use? Please note that I started with simple certificates for server01.example.com for Director, Client1 and Storage, but no luck there. Could someone write out this for the two clients, to make it easier to understand? 2. Name in config Should I keep with bareos-dir, bareos01-fd etc, or should those be FQDN names as well, eg bareos-dir.example.com? 3. Certificate checking Is the certificate checked against the name (bareos-dir etc), or against the server location? 4. bconsole Can bconsole also be secured, as there is no mention of that in the manual? With all the best for 2017, Michel -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
