Client-to-node encryption protects data in flight from client machines to a database cluster. It establishes a secure channel between the client and the coordinator node. Unlike Kerberos, SSL is fully distributed and does not require setting up a shared authentication service. For information about generating SSL certificates, see Preparing server certificates.
To enable client-to-node SSL, you must set the client encryption options. Where you set them depends on the version:
On each node, under client_encryption_options:
    client_encryption_options:
        enabled: true
        keystore: resources/dse/conf/.keystore
        keystore_password: <keystore password>
        keystore_type: JKS
        truststore: resources/dse/conf/.truststore
        truststore_password: <truststore password>
        protocol: ssl
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
For information about using Kerberos with SSL, see Using Kerberos and SSL at the same time.
When you enable SSL, it automatically enables the authentication/authorization filters in Solr web.xml and configures an SSL connector in Tomcat. This means that you don't have to change your web.xml or server.xml.
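A per-node check of the client_encryption_options settings described above, as an added example that is not part of the original page or of the product. The sample text is constructed from the page's values, the helper names `parse_section` and `audit` are hypothetical, and the cipher-suite criteria are this example's own review rules.

```python
import re

# Constructed sample: the page's option block, passwords left as placeholders.
SAMPLE = """\
client_encryption_options:
    enabled: true
    keystore: resources/dse/conf/.keystore
    keystore_password: <keystore password>
    truststore: resources/dse/conf/.truststore
    truststore_password: <truststore password>
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
"""

def parse_section(text, section="client_encryption_options"):
    """Return the key/value pairs indented under `section` (flat YAML only)."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key starts or ends the section
            inside = line.split(":")[0] == section
            continue
        if inside:
            key, _, value = line.strip().partition(":")
            opts[key.strip()] = value.strip()
    return opts

def audit(opts):
    """List findings for one node's client encryption settings."""
    findings = []
    if opts.get("enabled", "false").lower() != "true":
        findings.append("client-to-node encryption is not enabled")
    for store in ("keystore", "truststore"):
        if not opts.get(store):
            findings.append(f"{store} path is not set")
        password = opts.get(f"{store}_password", "")
        if not password or re.fullmatch(r"<.*>", password):
            findings.append(f"{store}_password is empty or still a placeholder")
    raw = opts.get("cipher_suites", "").strip("[]")
    for suite in (s.strip() for s in raw.split(",") if s.strip()):
        # Review rules assumed by this example, not taken from the page.
        if suite.startswith("TLS_RSA_"):
            findings.append(f"{suite}: static RSA key exchange, no forward secrecy")
        if "_CBC_" in suite:
            findings.append(f"{suite}: CBC-mode suite, prefer an AEAD (GCM) suite")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_section(SAMPLE)):
        print("-", finding)
```

Run it against each node's configuration file, since the options are set per node and a single node left with `enabled: false` still accepts unencrypted client connections.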