X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=docs%2Fmanual%2Ftls.tex;h=931e60eeef59542ae0411d87574b4cde2a747e05;hb=c957321e0c7ff8d440bcc1fd5755536e9c53b8a8;hp=f80b6d6cdcad10fd21178e4fd3957039a47c5235;hpb=4741f4051355e1c3eaa8c44da8871e25453b3c2a;p=bacula%2Fdocs diff --git a/docs/manual/tls.tex b/docs/manual/tls.tex index f80b6d6c..931e60ee 100644 --- a/docs/manual/tls.tex +++ b/docs/manual/tls.tex @@ -1,5 +1,5 @@ -\section*{Bacula TLS -- Communications Encryption} +\chapter{Bacula TLS -- Communications Encryption} \label{CommEncryption} \index[general]{TLS -- Communications Encryption} \index[general]{Communications Encryption} @@ -7,7 +7,6 @@ \index[general]{Encryption!Transport} \index[general]{Transport Encryption} \index[general]{TLS} -\addcontentsline{toc}{section}{TLS -- Communications Encryption} Bacula TLS (Transport Layer Security) is built-in network encryption code to provide secure network transport similar to @@ -36,10 +35,9 @@ subject to known plaintext attacks, and it should be considered considerably less secure than PKI certificate-based authentication. Appropriate autoconf macros have been added to detect and use OpenSSL -if enabled on the {\bf ./configure} line with {\bf \verb?--?enable-openssl} +if enabled on the {\bf ./configure} line with {\bf \verb?--?with-openssl} -\subsection*{TLS Configuration Directives} -\addcontentsline{toc}{section}{TLS Configuration Directives} +\section{TLS Configuration Directives} Additional configuration directives have been added to all the daemons (Director, File daemon, and Storage daemon) as well as the various different Console programs. @@ -119,10 +117,9 @@ may use openssl: \end{description} -\subsection*{Creating a Self-signed Certificate} +\section{Creating a Self-signed Certificate} \index[general]{Creating a Self-signed Certificate } \index[general]{Certificate!Creating a Self-signed } -\addcontentsline{toc}{subsection}{Creating a Self-signed Certificate} You may create a self-signed certificate for use with the Bacula TLS that will permit you to make it function, but will not allow certificate @@ -171,10 +168,9 @@ TinyCA can be found at \elink{http://tinyca.sm-zone.net/}{http://tinyca.sm-zone.net/}. -\subsection*{Getting a CA Signed Certificate} +\section{Getting a CA Signed Certificate} \index[general]{Certificate!Getting a CA Signed } \index[general]{Getting a CA Signed Certificate } -\addcontentsline{toc}{subsection}{Getting a CA Signed Certificate} The process of getting a certificate that is signed by a CA is quite a bit more complicated. You can purchase one from quite a number of PKI vendors, but @@ -189,10 +185,9 @@ http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm} {http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm}. Note, this link may change. -\subsection*{Example TLS Configuration Files} +\section{Example TLS Configuration Files} \index[general]{Example!TLS Configuration Files} \index[general]{TLS Configuration Files} -\addcontentsline{toc}{subsection}{Example TLS Configuration Files} Landon has supplied us with the TLS portions of his configuration files, which should help you setting up your own.