On Tue, Nov 10, 2020, at 2:11 PM, David Newman wrote:
> Director: FreeBSD 12.2, bacula-server-9.6.6 from pkgs
> Client: OpenBSD 6.8, bacula-client-9.6.5 from pkgs
>
> After upgrading a bacula client's OS from OpenBSD 6.7 to 6.8, nightly
> backups run successfully but throw this warning:
>
> ERR=20:"unable to get local issuer certificate"
>
> This setup uses self-signed certificates and worked without errors or
> warnings before this OS upgrade.
>
> There has been no bacula configuration change on either the client or
> director. A diff of the client bacula-fd.conf file (excerpted below)
> before and after the upgrade shows no change.
>
> I tried revoking the old client cert and generating a new one, but this
> had no effect on the warning message.
>
> I also tried command-line "openssl s_client -connect" commands both
> ways. Both connections worked on the respective ports 9101 and 9102.
>
> Besides the bacula client configuration -- which hasn't changed, aside
> from pointing to new certs with the same filenames -- is there something
> else that needs tweaking on the client?
>
> Many thanks.
>
> dn
>
> -----
>
> client bacula-fd.conf
>
> Director {
> Name = nye-dir
> ..
>
> TLS Require = yes
> TLS Enable = yes
> TLS Verify Peer = yes
>
> # Allow only the Director to connect
> TLS Allowed CN = "backups.example.com"
> TLS CA Certificate File = /etc/bacula/cacert.pem
> TLS Certificate = /etc/bacula/client.pem
> TLS Key = /etc/bacula/client.key
>
> }
>
> ..
>
> FileDaemon {
> Name = client-fd
> FDport = 9102 # where we listen for the director
> WorkingDirectory = /var/db/bacula
> Pid Directory = /var/run
> Maximum Concurrent Jobs = 20
>
> TLS Require = yes
> TLS Enable = yes
>
> TLS CA Certificate File = /etc/bacula/cacert.pem
> TLS Certificate = /etc/bacula/client.pem
> TLS Key = /etc/bacula/client.key
>
> }
Did you solve this one?
--
Dan Langille
_______________________________________________
Bacula-users mailing list
https://lists.sourceforge.net/lists/listinfo/bacula-users