Sven Carstens
2008-01-03 15:49:49 UTC
Hi,
I'm trying to setup a TLS connection between one external FD and
the director. Running status on the client results in
03-Jan 16:12 epistaxis-dir: ERROR in openssl.c:74 Connect failure: ERR=error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
03-Jan 16:12 epistaxis-dir: *Console*.2008-01-03_16.12.28 Fatal error: TLS negotiation failed with FD on "[Hostname]:9102".
FD and DIR are running 2.0.3.
A connection with openssl s_client/s_server and the relevant key/dir/CA files as used by the bacula configuration
is working perfectly.
Configuration:
----------------------
bacula-fd.conf on [Hostname]
Director {
Name = epistaxis-dir
Password = "[Password]"
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/[Hostname]@blinker-links.de-cert.pem
TLS Key = /etc/bacula/certs/[Hostname]@blinker-links.de-key.pem
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
}
bacula-dir.conf on epistaxis
Client {
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
Name = [Hostname]-fd
Address = [Hostname]
FDPort = 9102
...
}
Director {
Name = epistaxis-dir
DIRport = 9101
TLS Enable = yes
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
TLS Certificate = /etc/bacula/certs/***@bacula.blinker-links.de-cert.pem
TLS Key = /etc/bacula/certs/***@bacula.blinker-links.de-key.pem
}
I'm trying to setup a TLS connection between one external FD and
the director. Running status on the client results in
03-Jan 16:12 epistaxis-dir: ERROR in openssl.c:74 Connect failure: ERR=error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
03-Jan 16:12 epistaxis-dir: *Console*.2008-01-03_16.12.28 Fatal error: TLS negotiation failed with FD on "[Hostname]:9102".
FD and DIR are running 2.0.3.
A connection with openssl s_client/s_server and the relevant key/dir/CA files as used by the bacula configuration
is working perfectly.
Configuration:
----------------------
bacula-fd.conf on [Hostname]
Director {
Name = epistaxis-dir
Password = "[Password]"
TLS Enable = yes
TLS Require = yes
TLS Certificate = /etc/bacula/certs/[Hostname]@blinker-links.de-cert.pem
TLS Key = /etc/bacula/certs/[Hostname]@blinker-links.de-key.pem
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
}
bacula-dir.conf on epistaxis
Client {
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
Name = [Hostname]-fd
Address = [Hostname]
FDPort = 9102
...
}
Director {
Name = epistaxis-dir
DIRport = 9101
TLS Enable = yes
TLS CA Certificate File = /etc/ssl/certs/cacert.pem
TLS Certificate = /etc/bacula/certs/***@bacula.blinker-links.de-cert.pem
TLS Key = /etc/bacula/certs/***@bacula.blinker-links.de-key.pem
}