Node-to-node encryption
Node-to-node encryption protects data transferred between nodes in a cluster, including gossip communications, using SSL (Secure Sockets Layer).
Node-to-node encryption protects data transferred between nodes in a cluster, including gossip communications, using SSL (Secure Sockets Layer).
Prerequisites
To enable node-to-node SSL, you must set the server_encryption_options in the cassandra.yaml file.
The location of the cassandra.yaml file depends on the type of
installation:
Package installations | /etc/cassandra/cassandra.yaml |
Tarball installations | install_location/resources/cassandra/conf/cassandra.yaml |
Procedure
On each node under server_encryption_options:
Example
server_encryption_options:
internode_encryption: all
keystore: /conf/keystore.node0
keystore_password: cassandra
truststore: /conf/truststore.node0
truststore_password: cassandra
require_client_auth: true
What's next
cqlsh --ssl ## Package installations $ install_location/bin/nodetool ring ## Tarball installations