I have a 6-node Cassandra cluster and I need to enable TLS encryption for communication between nodes, but since I have very little experience with
Java and encryption in general, I have the following question:
After generating key pairs and importing the local certificate to the truststore on each node, do I have to import all public keys on each of the Cassandra nodes?
Cassandra inter-node basic encryption question
Yes, you should import the public cert from all the nodes into each node's trust store. Here is the command:
keytool -import -alias <alias> -file <certfile> -keystore <truststore-file>
<alias> is some alias for the certificate holder,
<certfile> is the public key file (certificate file),
<truststore-file> is the trust store (one for each node)
You can add the option: -noprompt if you don't want to be prompted to confirm that you really want to trust the certificate.
You should then move each truststore-file to somewhere where the owning Cassandra node can access it and enter the full path location in cassandra.yaml (in the truststore item in encryption_options). You will also need to enter the trust store password in cassandra.yaml (in the truststore_password item in encryption_options). Note the trust store password is the password that you entered each time you ran the keytool -import command.
Posted 2 years ago #
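The import step from the answer above, repeated so that each of the six trust stores receives all six certificates, as an added example that is not part of the original thread. The node names, the certs/ and out/ directories, the TRUSTSTORE_PASS variable and the DRY_RUN switch are assumptions made for illustration; -storepass:env is keytool's option for reading the password from an environment variable instead of the command line.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed assumptions: node names,
# certs/<node>.cer as each node's exported certificate, out/<node>/truststore.jks
# as the per-node trust store, password supplied in $TRUSTSTORE_PASS.
NODES="node1 node2 node3 node4 node5 node6"
CERT_DIR="${CERT_DIR:-certs}"
OUT_DIR="${OUT_DIR:-out}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the keytool commands, 0 = run them

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Import every node's certificate into every node's trust store.
build_truststores() {
  for owner in $NODES; do
    ts="$OUT_DIR/$owner/truststore.jks"
    [ "$DRY_RUN" = "1" ] || mkdir -p "$OUT_DIR/$owner" || return 1
    for peer in $NODES; do
      cert="$CERT_DIR/$peer.cer"
      if [ "$DRY_RUN" != "1" ] && [ ! -r "$cert" ]; then
        echo "missing certificate for $peer: $cert" >&2
        return 1
      fi
      # -storepass:env reads the password from the environment, keeping it
      # out of the process list and shell history.
      run keytool -import -noprompt -alias "$peer" -file "$cert" \
        -keystore "$ts" -storepass:env TRUSTSTORE_PASS || return 1
    done
  done
}

# Confirm each trust store holds an entry for every peer; keytool -list -alias
# prints the entry's fingerprint and exits non-zero when the alias is absent.
verify_truststores() {
  for owner in $NODES; do
    for peer in $NODES; do
      run keytool -list -alias "$peer" \
        -keystore "$OUT_DIR/$owner/truststore.jks" \
        -storepass:env TRUSTSTORE_PASS || {
          echo "$owner trust store lacks $peer" >&2; return 1; }
    done
  done
}

build_truststores && verify_truststores
```

With DRY_RUN=0 the script stops at the first missing certificate file or failed import, so a trust store that is missing a peer is caught before it is copied to a node.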