Enabling TLS Authentication between Client and Storage
Consider two clients, “darkstar-fd” (on “darkstar.example.com”) and “arrakis-fd” (on “arrakis.example.com”), that need to connect to the “caladan-sd” storage daemon running on “caladan.example.com” using TLS.
In bacula-fd.conf file at darkstar.example.com:
FileDaemon {
  Name = darkstar-fd
  FD Port = 9112
  FD Address = darkstar.example.com
  WorkingDirectory = /usr/local/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 10
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
In bacula-fd.conf file at “arrakis.example.com”:
FileDaemon {
  Name = arrakis-fd
  FD Port = 9112
  FD Address = arrakis.example.com
  WorkingDirectory = /usr/local/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 10
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
}
In bacula-sd.conf file at “caladan.example.com”:
Storage {
  Name = caladan-sd
  SD Port = 9113
  SD Address = caladan.example.com
  WorkingDirectory = "/usr/local/bacula/working"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 40
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS Allowed CN = darkstar.example.com , arrakis.example.com
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/caladan_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/caladan_key.pem
}
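A consistency check for the three resources above, as an added example that is not part of the Bacula documentation or code: it parses each resource and reports any client whose address is missing from the storage daemon's TLS Allowed CN list, or any daemon where TLS is not both enabled and required. The function names, the abbreviated sample resources and the premise that each client certificate's CN equals its FD Address are assumptions made for the example.

```python
import re

# Constructed sample input, abbreviated from this page's resources.
SD_CONF = """Storage {
  Name = caladan-sd
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS Allowed CN = darkstar.example.com , arrakis.example.com
}"""
FD_CONF = """FileDaemon {{
  Name = {host}-fd
  FD Address = {host}.example.com
  TLS Enable = yes
  TLS Require = {require}   # with 'no' the daemon also accepts non-TLS peers
  TLS Authenticate = yes
}}"""

def parse_resource(text):
    """Map normalised directive names to values for one resource block.
    Bacula ignores case and spaces in directive names; '#' starts a comment."""
    res = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*=\s*(.+)$", line.split("#", 1)[0].rstrip())
        if m:
            res[m.group(1).replace(" ", "").lower()] = m.group(2).strip('" ')
    return res

def audit(sd_text, fd_texts):
    """Return findings (empty list = consistent) for one SD and its clients."""
    sd = parse_resource(sd_text)
    allowed = {cn.strip() for cn in sd.get("tlsallowedcn", "").split(",") if cn.strip()}
    findings = []
    if not allowed:
        findings.append(f"{sd.get('name')}: no TLS Allowed CN list is set")
    for res in [sd] + [parse_resource(t) for t in fd_texts]:
        for key in ("tlsenable", "tlsrequire"):
            if res.get(key, "no").lower() != "yes":
                findings.append(f"{res.get('name')}: {key} is not 'yes'")
        # Assumption: the CN in each client certificate equals its FD Address.
        if res is not sd and allowed and res.get("fdaddress") not in allowed:
            findings.append(f"{res.get('name')}: {res.get('fdaddress')} not in TLS Allowed CN")
    return findings

if __name__ == "__main__":
    fds = [FD_CONF.format(host=h, require="yes") for h in ("darkstar", "arrakis")]
    print(audit(SD_CONF, fds) or "consistent")
```

The CN actually present in a certificate can be read with `openssl x509 -noout -subject -in darkstar_cert.pem` and compared against the same list.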