Connecting DevCenter to an SSL-enabled Apache Cassandra or DataStax Enterprise cluster.
DataStax DevCenter is compatible with DataStax Enterprise (DSE) versions up to 5.0.
Prerequisites
- SSL must be configured and working on your cluster.
- Install the Java Cryptography Extension (JCE) on your client system.
Download the same version of Java as Apache Cassandra™ or DataStax Enterprise uses:
Installation directory (jre/lib/security):
- Linux: /usr/lib/jvm/jdk1.major.minor_update/jre/lib/security
- Mac OS X: /Library/Java/JavaVirtualMachines/jdk1.major.minor_update/Contents/Home/jre/lib/security
- Windows: C:\Program Files\Java\jre7\lib\security
Extract the downloaded file and copy the contents of the UnlimitedJCEPolicy directory to the jre/lib/security directory.
- The keytool command to manage encryption keys.
Note: If you cannot find the keytool command on a Windows system, read these instructions.
Procedure
Server verification
To perform server verification, the client needs to have the public key certificate of each node in the cluster stored in a local truststore file. This file is password protected (keytool prompts you to create a password). The truststore file and password are entered in the DevCenter Connection Manager dialog box (see below).
- Using keytool, create a truststore file on your client by importing the public key certificates from each node in your cluster.
$ keytool -import -v -trustcacerts -alias node0 -file node0.cer -keystore .truststore
$ keytool -import -v -trustcacerts -alias node1 -file node1.cer -keystore .truststore
$ keytool -import -v -trustcacerts -alias node2 -file node2.cer -keystore .truststore
- In DevCenter, select to open the Connection Manager.
- Add the IP addresses of the nodes in your cluster.
- Select Next.
- Select the This cluster requires SSL option and enter the full path to (or navigate to) the truststore file on your machine.
- Enter the truststore password.
- Select the Try to establish a connection link to verify that you can successfully connect to the Cassandra nodes.
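The truststore import step above relies on answering keytool's trust prompt correctly for every node certificate. As an added example (not part of the original page or of DevCenter), the following shell functions import a certificate only when its SHA-256 fingerprint matches a value obtained out of band, for instance from the cluster administrator. The function names and the expected-fingerprint argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pin each node certificate to a known SHA-256 fingerprint
# before it is allowed into the DevCenter truststore.

# Normalize a fingerprint: strip colons/whitespace, upper-case the hex digits.
fp_normalize() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both values are full-length (64 hex digit) fingerprints
# and are equal after normalization. An empty value never matches.
fp_match() {
    a=$(fp_normalize "$1")
    b=$(fp_normalize "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Print the SHA-256 fingerprint that keytool reports for a certificate file.
cert_fingerprint() {
    keytool -printcert -file "$1" | sed -n 's/.*SHA256:[[:space:]]*//p' | head -n 1
}

# import_verified_cert ALIAS CERT_FILE EXPECTED_FP [TRUSTSTORE]
import_verified_cert() {
    alias_name=$1 cert_file=$2 expected=$3 store=${4:-.truststore}
    actual=$(cert_fingerprint "$cert_file")
    if ! fp_match "$actual" "$expected"; then
        echo "REFUSED $cert_file: fingerprint '$actual' does not match" >&2
        return 1
    fi
    # The fingerprint is already checked, so the trust prompt is skipped;
    # keytool still asks for the truststore password interactively.
    keytool -import -noprompt -trustcacerts -alias "$alias_name" \
        -file "$cert_file" -keystore "$store"
}

# Usage (the fingerprint is a placeholder to be replaced per node):
#   import_verified_cert node0 node0.cer "<SHA-256 fingerprint of node0>"
```

Running `keytool -list -v -keystore .truststore` afterwards shows the aliases and fingerprints that were actually stored.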
Client verification
If your cluster requires client verification, you need to perform the following additional steps:
- Create an SSL certificate for the client host (that is, the system on which DevCenter is installed).
$ keytool -genkey -alias client-host -keystore .keystore
- Export the client certificate.
$ keytool -export -alias client-host -file client-host.cer -keystore .keystore
The public certificate is stored in the client-host.cer file.
- Copy the public certificate and import it into the truststore on all nodes of the Cassandra cluster to which you want DevCenter to connect.
$ keytool -import -v -trustcacerts -alias client-host -file /tmp/client-host.cer -keystore /var/tmp/.truststore
Note: You may have to ask your cluster administrator if you do not have the proper permissions to modify the truststore file on the cluster nodes.
- In DevCenter, right-click your connection and select Properties to edit the connection in the Connection Manager.
- In Advanced Settings (under Basic Settings), select the Client authentication required option and enter the location of the keystore file and the keystore password.
The Connection Manager displays an error if the keystore file path or password is incorrect.
- Click the Try to establish a connection link to verify your configuration.
- Click OK at the bottom of the Connection Manager dialog to create or update the connection.
DevCenter can now communicate with your SSL-enabled cluster.