On 15.04.2018 at 17:49 wrote 'Jörg Woll' via bareos-users:
> I use keys and certs in .key and .crt format, my mistake. That explains a 
> lot. I was so happy to have found a guide ..... :)
> I have given my server here 4 IPs and made 4 DNS entries. Resolution is 
> correct. Do I have to create a certificate for each daemon?

This is up to you. It makes sense to create a certificate for each used
daemon Name. So if you name your director "bareos-dir", create a
certificate with CN "cn=bareos-dir" and permit access to all required
SDs and FDs for this CN. However, in principle you can make it work with
only a single certificate "cn=myoneandonlycert". Configure the cert and
key in all components and set "TLS Allowed CN = myoneandonlycert" in all
components. With this all traffic would be encrypted, however, I would
not consider this a secure or sane setup.


> The example in your manual, run all services on a server, or are they 
> distributed in the network, so their own server? I would appreciate an answer.

This does not matter. I'd work local as well as on separate servers.


> When is the 18.2 in the nightly expected?

I've been wrong here. It is part of bareos since 18.1.2. So it is
already available in master. However, be aware that if you want to
combine a bareos 18 director with a bareos 17 client, you have to
disable TLS PSK by setting "TLS Psk Enable      = no"


-- 
 Jörg Steffens                   joerg.steff...@bareos.com
 Bareos GmbH & Co. KG            Phone: +49 221 630693-91
 http://www.bareos.com           Fax:   +49 221 630693-10

 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
 Komplementär: Bareos Verwaltungs-GmbH
 Geschäftsführer:
 S. Dühr, M. Außendorf, Jörg Steffens, P. Storz

-- 
You received this message because you are subscribed to the Google Groups 
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to bareos-users+unsubscr...@googlegroups.com.
To post to this group, send email to bareos-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to