Hello Tilman,

On 10.06.2015 at 23:08, Tilman Glötzer wrote:
> Dear Philipp
>
> thanks for your posting -- I seem to have it working. Here are my lessons learned:
>
> 1) The key in a firewall/NAT setup seems to be "TLS Allow CN" as the FQDN is
> not necessarily that of the server behind the firewall. Without it, the check
> of the certificates will fail.
>
> 2) As you pointed out, TLS works with a public key, a certificate for the
> key, and a root certificate defining a web of trust. It is not a password
> mechanism, so certificates of server and client do not need to "match"
> (contrary to the password mechanism of bareos/bacula)
>
> One more question:
>
>> The private key file is only needed to be able to load the certificates. It
>> has nothing to do with the connection itself.
> How does the storage daemon, the director, or the file daemon know about the
> name of the file containing the private key? It seems to be nowhere defined
> in the configuration files.

Please see in the docs:
http://doc.bareos.org/master/html/bareos-manual-main-reference.html#ExampleTLSConfigurationFiles

I guess you are looking for the directive "TLS Key"?

> Thanks
> Tilman
>

--
Kind regards

Philipp Storz [email protected]
Bareos GmbH & Co. KG Phone: +49 221 63 06 93-92
http://www.bareos.com Fax: +49 221 63 06 93-10

Registered office: Köln | Local court (Amtsgericht) Köln: HRA 29646
Managing directors: Stephan Dühr, M. Außendorf, J. Steffens, P. Storz, M. v. Wieringen
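As an added illustration of where the private key file is named (not part of the original message and not copied from the Bareos manual): a Director resource in a file daemon configuration using the TLS directives discussed in the thread. The resource name, CN, password and file paths are constructed placeholders; the directive the thread calls "TLS Allow CN" is written `TLS Allowed CN` in Bareos configuration files.

```conf
# bareos-fd.conf (fragment) -- constructed example, all names and paths are placeholders
Director {
  Name = bareos-dir
  Password = "PLACEHOLDER-PASSWORD"

  TLS Enable = yes
  TLS Require = yes                  # refuse connections that do not negotiate TLS

  # Request and validate the peer's certificate against the CA below.
  TLS Verify Peer = yes
  # Accept only peer certificates carrying this Common Name. Behind a
  # firewall/NAT the address used for the connection may not equal the
  # name in the certificate, so the expected CN is listed explicitly.
  TLS Allowed CN = "director.example.com"

  # Root certificate that anchors the chain of trust.
  TLS CA Certificate File = /etc/bareos/tls/ca.pem

  # This daemon's own certificate and the private key belonging to it.
  # "TLS Key" is where the private key file name is defined.
  TLS Certificate = /etc/bareos/tls/client1-cert.pem
  TLS Key = /etc/bareos/tls/client1-key.pem
}
```

The key file should be readable only by the user the daemon runs as, since anyone who can read it can present this daemon's certificate.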
