[Bacula-users] TLS : can't get started

Dan Langille Sun, 22 Jan 2006 07:09:20 -0800

I'm trying to get things set up.

So far, I'm just adding TLS instructions to the Director:


Director {                            # define myself
  Name = bacula-dir
  DIRport = 9101                # where we listen for UA connections
  QueryFile = "/usr/local/share/bacula/query.sql"
  WorkingDirectory = "/home/bacula/working"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 1
  Password = "x1m0uk0Zk96bgYsTSdssg5vl0u6oXGh78SnCakOjg7XD" 
  Messages = Standard

  TLS Enable = yes
  TLS Verify Peer = yes
  TLS Allowed CN = "bacula.unixathome.org"
  TLS CA Certificate File = /home/bacula/certificates/cacert.pem

  TLS Certificate=home/bacula/certificates/bacula.unixathome.org.cert
  TLS Key      = /home/bacula/certificates/bacula.unixathome.org.key
}

Upon startup, I'm seeing:

$ sudo /usr/local/sbin/bacula-dir -u bacula -g bacula -v -c 
/usr/local/etc/bacula-dir.conf
22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: 
ERR=error:0906A068:PEM routines:PEM_do_header:bad password read
22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: 
ERR=error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
22-Jan 10:03 bacula-dir:  Fatal error: Failed to initialize TLS 
context for Director "bacula-dir" in /usr/local/etc/bacula-dir.conf.
22-Jan 10:03 bacula-dir ERROR TERMINATION
Please correct configuration file: /usr/local/etc/bacula-dir.conf
$

Could this be:

passphrase issues?
permission not correct?
wrong type of file used for a given TLS directive?

FYI:  I'm using CACert.org to create my certificates, so that's why 
you see a refercence to cacert.pem in the "TLS CA Certificate File" 
directive.

Thanks.
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] TLS : can't get started

Reply via email to