On 2013-02-15 05:24, mayak-cq wrote: > hi all, > > i've tried to scour the internet for help, but simply cannot seem to > get PKI implemented correctly -- following the docs i have: > > openssl genrsa -out master.key 2048 > openssl req -days 3650 -new -key master.key -x509 -out master.crt > > then for each machine i do a (sample): > > openssl genrsa -out winx64.key 2048 > openssl req -days 3650 -new -key winx64.key -x509 -out winx64.crt > cat winx64.key winx64.crt > winx64.pem > > then, when i restart bacula-fd on a client i get: > > 15-Feb 10:45 baculaFileDaemon JobId 0: Error: crypto.c:462 Provided > certificate does not include the required subjectKeyIdentifier > extension. > 15-Feb 10:45 baculaFileDaemon: Fatal Error at filed.c:418 > because:Failed to load public certificate for File daemon > "baculaFileDaemon" in /etc/bacula/bacula-fd.conf. > 15-Feb 10:45 baculaFileDaemon JobId 0: Error: crypto.c:462 Provided > certificate does not include the required subjectKeyIdentifier > extension. > 15-Feb 10:45 baculaFileDaemon: Fatal Error at filed.c:492 because: > Failed to load master key certificate from file > /etc/bacula/master.crt > for File daemon "baculaFileDaemon" in /etc/bacula/bacula-fd.conf. > 15-Feb 10:45 baculaFileDaemon: ERROR in filed.c:223 Please correct > configuration file: /etc/bacula/bacula-fd.conf > > my openssl.cnf file has subjectKeyIdentifier in the relevant > sections. > > can anyone give me a hand here?
Here's what I did: http://www.freebsddiary.org/bacula-tls.php But now I use the same approach, but I'm using StartSSL.com to create certificates. Either will work. -- Dan Langille - http://langille.org/ ------------------------------------------------------------------------------ The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
