Enabling TLS Authentication between Director and Client

Let’s consider “darkstart-dir” director at “darkstar.example.com and” and the “arrakis-fd” file daemon at “arrakis.example.com”.

• In bacula-dir.conf:

  Client {
      Name = arrakis-fd
      Address = arrakis.example.com
      FD Port = 9112
      Catalog = MyCatalog
      Password = "password"
      AutoPrune = no
      Maximum Concurrent Jobs = 4
      TLS Enable = yes
      TLS Require = yes
      TLS Authenticate = yes
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
  }
  

• In bacula-fd.conf:

  Director {
      Name = darkstar-dir
      Password = "password"
      TLS Enable = yes
      TLS Require = yes
      TLS Verify Peer = yes
      TLS Authenticate = yes
      TLS Allowed CN = arrakis.example.com
      TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
      TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
      TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
  }
  

See also

Previous articles:

• Enabling TLS Authentication between Director and Console

Next articles:

• Enabling TLS Authentication between Director and Storage

• Enabling TLS Authentication between Client and Storage

Go back to: Enable TLS Authentication Between Daemons.