Enabling TLS Authentication between Director and Storage

Consider the “darkstar-dir” Director at “darkstar.example.com” and the “caladan-sd” Storage Daemon at “caladan.example.com”.

  • In bacula-dir.conf:

    Storage {
        Name = VTL-storage
        SD Port = 9113
        Address = caladan.example.com
        Password = "password"
        Device = "Virtual Tape Library"
        Autochanger = yes
        Media Type = VTL
        Maximum Concurrent Jobs = 30
        TLS Enable = yes
        TLS Require = yes
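        # TLS Authenticate = yes uses TLS for authentication only;
        # the rest of the session is then sent unencrypted.
        TLS Authenticate = yes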
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }
    
  • In bacula-sd.conf:

    Director {
        Name = darkstar-dir
        Password = "password"
        TLS Enable = yes
        TLS Require = yes
        TLS Verify Peer = yes
        TLS Authenticate = yes
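        # With TLS Verify Peer, the CN of the certificate the Director
        # presents must appear in TLS Allowed CN.
        TLS Allowed CN = caladan.example.com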
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/caladan_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/caladan_key.pem
    }
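
A small lint for the Director resource above, as an added example that is not part of the Bacula documentation: it parses the resource, normalizes directive names, and reports TLS settings worth a second look before deployment. The finding labels and the peer CN `darkstar.example.com` used at the bottom are assumptions; the page does not state the CN in the Director's certificate.

```python
import re

# Constructed input: the TLS-relevant lines of the Director resource shown above.
SD_DIRECTOR = """
Director {
    Name = darkstar-dir
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS Authenticate = yes
    TLS Allowed CN = caladan.example.com
}
"""

def parse_resource(text):
    """Return {directive: [values]} for one 'Type { ... }' block."""
    body = re.search(r"\w+\s*\{(.*)\}", text, re.S).group(1)
    directives = {}
    for line in body.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = line.split("=", 1)
        # Bacula ignores case and spaces in directive names.
        key = key.replace(" ", "").lower()
        directives.setdefault(key, []).append(value.strip().strip('"'))
    return directives

def tls_findings(directives, peer_cn):
    """peer_cn: CN expected in the connecting daemon's certificate (caller-supplied)."""
    def on(name):
        # Simplification: an absent directive is treated as "no" here.
        return directives.get(name, ["no"])[-1].lower() == "yes"
    if not on("tlsenable"):
        return ["tls-disabled"]
    findings = []
    if not on("tlsrequire"):
        findings.append("tls-optional")         # non-TLS connections still accepted
    if on("tlsauthenticate"):
        findings.append("auth-only")            # no encryption after the handshake
    allowed = [cn.lower() for cn in directives.get("tlsallowedcn", [])]
    if on("tlsverifypeer") and allowed and peer_cn.lower() not in allowed:
        findings.append("peer-cn-not-allowed")  # this peer would be rejected
    return findings

if __name__ == "__main__":
    # Assumption: the Director's certificate has CN darkstar.example.com.
    for finding in tls_findings(parse_resource(SD_DIRECTOR), "darkstar.example.com"):
        print(finding)
```

Pass the CN read from the peer's actual certificate as `peer_cn`; a `peer-cn-not-allowed` finding means the `TLS Allowed CN` list and the issued certificate need to be reconciled.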
    
