I have a 6-node Cassandra cluster and I need to enable TLS encryption for communication between nodes, but since I have very little experience with Java and encryption in general, I have the following question:
After generating key pairs and importing the local certificate to the truststore on each node, do I have to import all public keys on each of the Cassandra nodes?
Cassandra inter-node basic encryption question
Posted 5 months ago #
Yes, you should import the public cert from all the nodes into each node's trust store. Here is the command:
keytool -import -alias <alias> -file <certfile> -keystore <truststore-file>
where:
<alias> is some alias for the certificate holder,
<certfile> is the public key file (certificate file),
<truststore-file> is the trust store (one for each node).
You can add the option -noprompt if you don't want to be prompted to confirm that you really want to trust the certificate.
You should then move each truststore-file to somewhere where the owning Cassandra node can access it and enter the full path location in cassandra.yaml (in the truststore item in encryption_options). You will also need to enter the trust store password in cassandra.yaml (in the truststore_password item in encryption_options). Note that the trust store password is the password that you entered each time you ran the keytool -import command.
Posted 5 months ago #
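The import step from the answer above, scripted for every node and followed by a check that no peer certificate was left out. This is an added example, not part of the original posts. The function names, the `<cert_dir>/<node>.cer` layout, the node names and the `TRUSTSTORE_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example. Assumed layout: <cert_dir>/<node>.cer holds the certificate
# exported from that node's keystore; node names are constructed.
# The store password is read from the TRUSTSTORE_PASS environment variable
# so that it does not show up in the process list.

KEYTOOL="${KEYTOOL:-keytool}"

# build_truststores <cert_dir> <out_dir> <node>...
# Writes <out_dir>/<node>.truststore for every node, each holding all certs.
build_truststores() {
    local cert_dir out_dir owner peer
    cert_dir=$1; out_dir=$2; shift 2
    # Check every certificate first so no partial truststore is produced.
    for peer in "$@"; do
        [ -r "$cert_dir/$peer.cer" ] || {
            echo "missing certificate for $peer" >&2; return 1; }
    done
    mkdir -p "$out_dir" || return 1
    for owner in "$@"; do
        for peer in "$@"; do
            "$KEYTOOL" -import -noprompt -alias "$peer" \
                -file "$cert_dir/$peer.cer" \
                -keystore "$out_dir/$owner.truststore" \
                -storepass:env TRUSTSTORE_PASS || return 1
        done
    done
}

# missing_peers <truststore> <node>...
# Prints each node whose alias is absent; returns non-zero if any is missing.
missing_peers() {
    local store peer rc
    store=$1; shift; rc=0
    for peer in "$@"; do
        "$KEYTOOL" -list -alias "$peer" -keystore "$store" \
            -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1 ||
            { echo "$peer"; rc=1; }
    done
    return $rc
}
```

Run `build_truststores` against an empty output directory, since keytool refuses to import under an alias that already exists in the store. A node listed by `missing_peers` is one whose certificate that truststore does not contain.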
