Dear Phillip,
Thanks for your posting -- I seem to have it working. Here are my lessons
learned:
1) The key in a firewall/NAT setup seems to be "TLS Allow CN" as the
FQDN is not necessarily that of the server behind the firewall. Without
it, the check of the certificates will fail.
2) As you pointed out, TLS works with a public key, a certificate for
the key, and a root certificate defining a web of trust. It is not a
password mechanism, so certificates of server and client do not need to
"match" (contrary to the password mechanism of bareos/bacula).
One more question:
> The private key file is only needed to be able to load the
> certificates. It has nothing to do with the connection itself.
How does the storage daemon, the director, or the file daemon know about
the name of the file containing the private key? It seems to be nowhere
defined in the configuration files.
Thanks
Tilman