bacula_manual:bacula_tls_communications_encryption

The Address of a resource must match the CN of the certificate used by the daemon at that address. In the example below, for a TLS connection to the Storage daemon, “mySD.network.net” must be in the CN field of the Storage daemon's certificate.

bacula-dir.conf

...
Storage {
 ...
 Address = mySD.network.net
 ...
}

Certificates:

For clients, create certificates with 'Netscape Cert Type' = 'SSL Client'. For servers, create certificates with 'Netscape Cert Type' = 'SSL Server'.

For server certificates, the CN may contain a hostname, an FQDN, an IP address, etc. (after the fix for bug 0001470).

Example certificate file names:

Director daemon: dir_s, dir_c;
File daemon: fd_s, fd_c;
Storage daemon: sd_s, sd_c;
Console: console_c.
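
The two rules above (the Address must equal the certificate CN, and server certificates need 'Netscape Cert Type' = 'SSL Server') can be checked with the openssl command line. The following POSIX shell helpers are an added example, not part of the original manual page; the throwaway CA, the function names and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example. The throwaway CA and working directory are assumptions.

make_ca() {  # make_ca DIR: create a test CA (ca.key, ca.pem)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Bacula CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# make_cert DIR NAME CN TYPE: issue NAME.pem; TYPE is "server" or "client"
# and becomes the Netscape Cert Type extension.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'nsCertType = %s\n' "$4" > "$1/$2.ext"
    openssl x509 -req -days 30 -in "$1/$2.csr" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

cert_cn() {  # cert_cn FILE: print the subject commonName
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

cert_type() {  # cert_type FILE: print e.g. "SSL Server"
    openssl x509 -in "$1" -noout -text |
        sed -n '/Netscape Cert Type/{n;s/^ *//;p;}'
}

# storage_address CONF: print the Address of the first Storage resource.
storage_address() {
    awk '/^[ \t]*Storage[ \t]*[{]/ { in_s = 1; next }
         in_s && /[}]/ { exit }
         in_s && /^[ \t]*Address[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
         }' "$1"
}

# check_storage_tls CONF CERT: succeed only if Address equals the CN and
# the certificate carries Netscape Cert Type "SSL Server".
check_storage_tls() {
    addr=$(storage_address "$1")
    [ -n "$addr" ] && [ "$addr" = "$(cert_cn "$2")" ] &&
        cert_type "$2" | grep -q 'SSL Server'
}
```

For example, after `make_ca /tmp/pki` and `make_cert /tmp/pki sd_s mySD.network.net server`, the call `check_storage_tls bacula-dir.conf /tmp/pki/sd_s.pem` returns success only when the Storage resource's Address is mySD.network.net.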

Configuration:

fd.conf

FileDaemon {
 ...
 TLS Certificate = fd_c.pem
 ...
}
Director {
 Name = dir
 ...  
 TLS Certificate = fd_s.pem
 ...
}
Director {
 Name = mon
 Monitor = yes
 ...  
 TLS Certificate = fd_s.pem
 ...
}

sd.conf

Storage {
 ...
 TLS Certificate = sd_s.pem
 ...
}
Director {
 Name = dir
 ...  
 TLS Certificate = sd_s.pem
 ...
}
Director {
 Name = mon
 Monitor = yes
 ...  
 TLS Certificate = sd_s.pem
 ...
}

dir.conf

Director {
 ...
 TLS Certificate = dir_s.pem
 ...
}
Console {
 Name = mon
 ...  
 TLS Certificate = dir_s.pem
 ...
}
Storage { 
 ...  
 TLS Certificate = dir_c.pem
 ...
}
Client {
 ...
 TLS Certificate = dir_c.pem
 ...
}

console.conf

Director {
 ...
 TLS Certificate = console_c.pem
 ...
}
bacula_manual/bacula_tls_communications_encryption.txt · Last modified: 2010/02/09 08:20 by kisa_co