Require TLS connections.
\item [TLS Certificate = \lt{}Directory\gt{}]
-Path to PEM encoded TLS certificate. Used as either a client or server
-certificate.
+Path to a PEM encoded TLS certificate. It can be used as either a client
+or server certificate.
\item [TLS Key = \lt{}Directory\gt{}]
-Path to PEM encoded TLS private key. Must correspond with the TLS
+Path to a PEM encoded TLS private key. It must correspond to the TLS
certificate.
\item [TLS Verify Peer = \lt{}yes|no\gt{}]
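Review bot: The value placeholder in the TLS Certificate and TLS Key items still reads \lt{}Directory\gt{}, while the reworded descriptions say each is a path to a PEM encoded file. Change the placeholder to a file-path wording so the item header and its text agree. Since the example later in this patch writes the key with -nodes (unencrypted), the TLS Key description would also be a good place to say the key file should be readable only by the user the daemon runs as.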
Not valid in a client context.
\item [TLS Allowed CN = \lt{}string list\gt{}]
-Common name attribute of allowed peer certificates. If directive is
+Common name attribute of allowed peer certificates. If this directive is
specified, all client certificates will be verified against this list.
-This directive may be specified more than once. Not valid in a client
+This directive may be specified more than once. It is not valid in a client
context.
\item [TLS CA Certificate File = \lt{}Directory\gt{}]
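Review bot: The TLS Allowed CN item now ends "It is not valid in a client context", but the TLS Verify Peer item directly above keeps the old fragment "Not valid in a client context."; update both so the two items read the same. The same item also says "allowed peer certificates" in its first sentence and "all client certificates" in the second. Pick one term, since the directive is stated to be server-side only.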
\index[general]{Certificate!Creating a Self-signed }
\addcontentsline{toc}{subsection}{Creating a Self-signed Certificate}
-You may create a self-signed certificate for use with the Bacula TLS
-that will permit
-you to make it function, but will not allow certificate validation. The .pem
-file containing both the certificate and the key can be made with the
-following, which I put in a file named {\bf makepem}:
+You may create a self-signed certificate for use with the Bacula TLS that
+will permit you to make it function, but will not allow certificate
+validation. The .pem file containing both the certificate and the key
+valid for 10 years can be made with the following:
\footnotesize
\begin{verbatim}
-#!/bin/sh
-#
-# Simple shell script to make a .pem file that can be used
-# with stunnel and Bacula
-#
-OPENSSL=openssl
- umask 77
- PEM1=`/bin/mktemp openssl.XXXXXX`
- PEM2=`/bin/mktemp openssl.XXXXXX`
- ${OPENSSL} req -newkey rsa:1024 -keyout $PEM1 -nodes \
- -x509 -days 365 -out $PEM2
- cat $PEM1 > stunnel.pem
- echo "" >>stunnel.pem
- cat $PEM2 >>stunnel.pem
- rm $PEM1 $PEM2
+ openssl req -new -x509 -nodes -out bacula.pem -keyout bacula.pem -days 3650
\end{verbatim}
\normalsize
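Review bot: The replacement openssl one-liner drops the "umask 77" that the removed script set before writing the key, so the example itself no longer ensures that bacula.pem, which holds the private key unencrypted because of -nodes, is created private. Keep a "umask 77" line before the command or add "chmod 600 bacula.pem" after it. The command also no longer states a key type and size (the script used "-newkey rsa:1024"), so the result depends on the local openssl default; with -days 3650 an explicit "-newkey rsa:2048" or larger would make the example reproducible. In the new paragraph, "the certificate and the key valid for 10 years" reads as if the validity applies to the key or the file; "containing both the key and a certificate valid for 10 years" is clearer.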