I have a 6 node cassandra cluster and I need to enable TLS encryption for communication between nodes but since I have very little experience with
Java and encryption in general I have the following question:
After generating key pairs and importing the local certificate to the truststore on each node do I have to import all public keys on each of the cassandra nodes?
Cassandra inter-node basic encryption question(2 posts) (2 voices)
I have a 6 node cassandra cluster and I need to enable TLS encryption for communication between nodes but since I have very little experience withPosted 5 months ago #
Yes, you should import the public cert from all the nodes into each node's trust store. Here is the command:
keytool -import -alias <alias> -file <certfile> -keystore <truststore-file>
<alias> is some alias for the certificate holder,
<certfile> is the public key file (certificate file),
<truststore-file> is the trust store (one for each node)
You can add the option: -noprompt if you don't want to be prompted to confirm that you really want to trust the certificate.
You should then move each truststore-file to somewhere where the owning cassandra node can access it and enter the full path location in cassandra.yaml (in the truststore item in encryption_options). You will also need to enter the trust store password in cassandra.yaml (in the truststore_password item in encryption_options). Note the trust store password is the password that you entered each time you ran the keytool -import command.Posted 5 months ago #
You must log in to post.