Enabling TLS Authentication between Director and Storage

Let’s consider the “darkstar-dir” Director at “darkstar.example.com” and the “caladan-sd” Storage Daemon on “caladan.example.com”.

  • In bacula-dir.conf:

    Storage {
        Name = VTL-storage
        SD Port = 9113
        Address = caladan.example.com
        Password = "password"
        Device = "Virtual Tape Library"
        Autochanger = yes
        Media Type = VTL
        Maximum Concurrent Jobs = 30
        TLS Enable = yes
        TLS Require = yes
        TLS Authenticate = yes
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
    }
    
  • In bacula-sd.conf:

    Director {
        Name = darkstar-dir
        Password = "password"
        TLS Enable = yes
        TLS Require = yes
        TLS Verify Peer = yes
        TLS Authenticate = yes
        TLS Allowed CN = caladan.example.com
        TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
        TLS Certificate = /usr/local/bacula/etc/ssl/certs/caladan_cert.pem
        TLS Key = /usr/local/bacula/etc/ssl/keys/caladan_key.pem
    }
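
An added example, not part of the original page or of Bacula itself: a small Python linter that parses resources like the two above and flags TLS directives that weaken this mutual-authentication setup, including the documented behaviour that `TLS Authenticate = yes` uses TLS for authentication only and leaves later traffic unencrypted. The function names, the constructed `weak-dir` resource and the rule that `Director` resources are the accepting side are assumptions of this example.

```python
import re
# Constructed input: the page's Storage resource (TLS lines) and a weak Director resource.
SAMPLE = """
Storage {
    Name = VTL-storage
    TLS Enable = yes
    TLS Require = yes
    TLS Authenticate = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
Director {
    Name = weak-dir
    TLS Enable = yes
    TLS Verify Peer = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
}
"""

def parse_resources(text):
    """Return [(type, {directive: [values]})] for un-nested resources."""
    out = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        d = {}
        for line in body.splitlines():
            if "=" in line and not line.lstrip().startswith("#"):
                key, value = line.split("=", 1)
                key = key.replace(" ", "").lower()  # Bacula ignores case and spaces here
                d.setdefault(key, []).append(value.strip().strip('"'))
        out.append((rtype, d))
    return out

def lint_tls(rtype, d):
    """Findings for one resource, assuming the mutual-TLS setup on this page."""
    on = lambda k: d.get(k, ["no"])[-1].lower() in ("yes", "true")
    if not on("tlsenable"):
        return ["TLS Enable is not yes"]
    f = []
    if not on("tlsrequire"):
        f.append("TLS Require is not yes: peers may connect without TLS")
    need = ["tlscertificate", "tlskey"] + ([] if "tlscacertificatedir" in d else ["tlscacertificatefile"])
    f += ["missing " + k for k in need if k not in d]
    if on("tlsauthenticate"):
        f.append("TLS Authenticate = yes: traffic is not encrypted after authentication")
    # Assumption: a Director resource is the accepting (server) side of the connection.
    if rtype.lower() == "director" and on("tlsverifypeer") and "tlsallowedcn" not in d:
        f.append("no TLS Allowed CN: any certificate signed by a known CA is accepted")
    return f
```

Run it over both bacula-dir.conf and bacula-sd.conf with `for r, d in parse_resources(open(path).read()): print(r, lint_tls(r, d))`; nested resources are outside what this parser handles.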
    
