Enabling TLS Authentication between Director and Client

Consider the “darkstar-dir” Director at “darkstar.example.com” and the “arrakis-fd” File Daemon at “arrakis.example.com”.

  • In bacula-dir.conf:

    Client {
        Name = arrakis-fd
        Address = arrakis.example.com
        FD Port = 9112
        Catalog = MyCatalog
        Password = "password"
        AutoPrune = no
        Maximum Concurrent Jobs = 4
        TLS Enable = yes
        TLS Require = yes
        TLS Authenticate = yes
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }
    
  • In bacula-fd.conf:

    Director {
        Name = darkstar-dir
        Password = "password"
        TLS Enable = yes
        TLS Require = yes
        TLS Verify Peer = yes
        TLS Authenticate = yes
        # CN(s) accepted in the certificate presented by the connecting peer
        TLS Allowed CN = arrakis.example.com
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
    }
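An added example, not part of the Bacula documentation: a small Python check that parses the two resources above and reports directives that differ from this page's configuration. The function names and finding strings are assumptions of the example; the sample input is constructed from the page's resources, trimmed to the directives that are checked.

```python
import re

# Constructed input: the page's two resources, trimmed to the directives checked.
DIR_CLIENT = """Client {
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}"""
FD_DIRECTOR = """Director {
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS Authenticate = yes
    TLS Allowed CN = arrakis.example.com
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
}"""

def parse_resource(text):
    """Map directive -> value; Bacula ignores case and spaces in directive names."""
    res = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            res[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
    return res

def audit(dir_client, fd_director):
    """Return findings; an empty list means the pair matches the page's settings."""
    findings = []
    for side, res in (("dir/Client", dir_client), ("fd/Director", fd_director)):
        for key in ("tlsenable", "tlsrequire", "tlsauthenticate"):
            if res.get(key, "").lower() != "yes":
                findings.append(f"{side}: {key} is not set to 'yes'")
        for key in ("tlscacertificatefile", "tlscertificate", "tlskey"):
            if not res.get(key):
                findings.append(f"{side}: {key} is missing")
    if fd_director.get("tlsverifypeer", "").lower() != "yes":
        findings.append("fd/Director: tlsverifypeer is not set to 'yes'")
    if not fd_director.get("tlsallowedcn"):
        findings.append("fd/Director: tlsallowedcn is missing")
    if dir_client.get("password") != fd_director.get("password"):
        findings.append("password differs between the two resources")
    return findings
```

Calling `audit(parse_resource(DIR_CLIENT), parse_resource(FD_DIRECTOR))` returns an empty list for the configuration shown on this page.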
    
