DataStax Enterprise 3.1 Documentation

Node-to-node encryption

This documentation corresponds to an earlier product version. Make sure this document corresponds to your version.


Node-to-node encryption protects data transferred between nodes in a cluster using SSL (Secure Sockets Layer). For information about generating SSL certificates, see Preparing server certificates.

SSL settings for node-to-node encryption

To enable node-to-node SSL, you must set the encryption options in the cassandra.yaml file.

On each node, under encryption_options:

  • Set internode_encryption to one of the options described below.
  • Set the appropriate paths to your .keystore and .truststore files.
  • Provide the required passwords. The passwords must match the passwords used when generating the keystore and truststore.
  • To enable peer certificate authentication, set require_client_auth to true.

The available inter-node options are:

  • all
  • none
  • dc: Cassandra encrypts the traffic between the data centers.
  • rack: Cassandra encrypts the traffic between the racks.

    internode_encryption: <internode_option>
    keystore: resources/dse/conf/.keystore
    keystore_password: <keystore password>
    truststore: resources/dse/conf/.truststore
    truststore_password: <truststore password>
    require_client_auth: <true or false>
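
One way to check these settings on a node before restarting it, as an added example that is not part of the DataStax documentation: a small Python audit of the encryption_options block shown above. The function names, the sample file contents and the line-based parser (flat key: value pairs only, no YAML library) are assumptions made for this example.

```python
# Modes that leave part of the inter-node traffic unencrypted, per the option list above.
SCOPE = {"dc": "data centers", "rack": "racks"}
VALID_MODES = {"all", "none", "dc", "rack"}

def parse_block(yaml_text, block="encryption_options"):
    """Collect the indented 'key: value' lines under `block:` (flat block only)."""
    opts, inside = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # a top-level key opens or closes the block
            inside = line == block + ":"
            continue
        key, sep, value = line.strip().partition(":")
        if inside and sep:
            opts[key.strip()] = value.strip().strip("'\"")
    return opts

def audit(yaml_text):
    """Return a list of findings for the node-to-node SSL settings."""
    opts, findings = parse_block(yaml_text), []
    mode = opts.get("internode_encryption", "").lower()
    if mode not in VALID_MODES:
        return ["internode_encryption: missing or not one of all/none/dc/rack"]
    if mode == "none":
        return ["internode_encryption: none, traffic between nodes is not encrypted"]
    if mode in SCOPE:
        findings.append(f"internode_encryption: {mode}, only traffic between {SCOPE[mode]} is encrypted")
    for key in ("keystore", "keystore_password", "truststore", "truststore_password"):
        if not opts.get(key) or opts[key].startswith("<"):
            findings.append(f"{key}: unset or still a placeholder")
    if opts.get("require_client_auth", "").lower() != "true":
        findings.append("require_client_auth: not true, peer certificate authentication is off")
    return findings

# Constructed sample, not taken from a real cluster.
SAMPLE = """\
encryption_options:
    internode_encryption: dc
    keystore: resources/dse/conf/.keystore
    keystore_password: <keystore password>
    truststore: resources/dse/conf/.truststore
    truststore_password: constructed-example
    require_client_auth: false
"""

if __name__ == "__main__":
    print("\n".join("WARN " + f for f in audit(SAMPLE)))
```

Run it against each node's cassandra.yaml contents; an empty result means the block sets a mode of all, both store paths and passwords, and require_client_auth: true.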