On 15.04.2018 at 17:49 wrote 'Jörg Woll' via bareos-users: > I use keys and certs in .key and .crt format, my mistake. That explains a > lot. I was so happy to have found a guide ..... :) > I have given my server here 4 IPs and made 4 DNS entries. Resolution is > correct. Do I have to create a certificate for each daemon?
This is up to you. It makes sense to create a certificate for each used daemon Name. So if you name your director "bareos-dir", create a certificate with CN "cn=bareos-dir" and permit access to all required SDs and FDs for this CN. However, in principle you can make it work with only a single certificate "cn=myoneandonlycert". Configure the cert and key in all components and set "TLS Allowed CN = myoneandonlycert" in all components. With this all traffic would be encrypted, however, I would not consider this a secure or sane setup. > The example in your manual, run all services on a server, or are they > distributed in the network, so their own server? I would appreciate an answer. This does not matter. I'd work local as well as on separate servers. > When is the 18.2 in the nightly expected? I've been wrong here. It is part of bareos since 18.1.2. So it is already available in master. However, be aware that if you want to combine a bareos 18 director with a bareos 17 client, you have to disable TLS PSK by setting "TLS Psk Enable = no" -- Jörg Steffens joerg.steff...@bareos.com Bareos GmbH & Co. KG Phone: +49 221 630693-91 http://www.bareos.com Fax: +49 221 630693-10 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646 Komplementär: Bareos Verwaltungs-GmbH Geschäftsführer: S. Dühr, M. Außendorf, Jörg Steffens, P. Storz -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. For more options, visit https://groups.google.com/d/optout.