Using SSL connections 

Connecting Studio to an SSL-enabled DataStax Enterprise cluster.

Prerequisites

  • SSL must be configured and working on your cluster.
  • Install the Java Cryptography Extension (JCE) on your client system.

    Download Java 8 for DataStax Enterprise.

    Installation directory (jre lib/security):

    • Linux: /usr/lib/jvm/jdk1.major.minor_update/jre/lib/security
    • Mac OS X: /Library/Java/JavaVirtualMachines/jdk1.major.minor_update/Contents/Home/jre/lib/security
    • Windows: C:\Program Files\Java\jre7\lib\security

    Extract the downloaded file and copy the contents of the UnlimitedJCEPolicy directory to the jre/lib/security directory.

  • The keytool command must be available to manage encryption keys.
    Note: If you cannot find the keytool command on a Windows system, read these instructions.

Procedure

Server verification

  1. To perform server verification, the client must have the public key certificate of each node in the cluster stored in a local truststore file. This file is password protected (keytool prompts you to create a password). The truststore file path and password are entered in the Create Connection dialog box (see below).
    1. Using keytool, create a truststore file on your client by importing the public key certificates from each node in your cluster.
      keytool -import -v -trustcacerts -alias node0 -file node0.cer -keystore .truststore
      keytool -import -v -trustcacerts -alias node1 -file node1.cer -keystore .truststore
      keytool -import -v -trustcacerts -alias node2 -file node2.cer -keystore .truststore
    2. In Studio, select Connections (in the main menu) to open the Browse Connections page.
    3. Select the + button to add a connection.
      The Create Connection dialog displays.
    4. Select the Use SSL checkbox.
      More fields display.
    5. Add the paths to the truststore file and the truststore password.
    6. Select Test to verify that you can successfully connect to DataStax Enterprise nodes.
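
The truststore import in step 1, as an added example that is not part of the DataStax documentation: it compares each node certificate's SHA-256 fingerprint with a value obtained out of band from the cluster administrator before importing, so a substituted .cer file is never trusted. The function names, the TRUSTSTORE_PASS environment variable and the return codes are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not DataStax code): pin each node certificate to a known
# fingerprint before importing it into the Studio truststore.
# Assumptions: function names, return codes, and the TRUSTSTORE_PASS variable.

# Normalize a fingerprint for comparison: drop colons/whitespace, lowercase hex.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint that keytool reports for a certificate file.
cert_sha256() {
  keytool -printcert -file "$1" |
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_pinned_cert ALIAS CERT_FILE EXPECTED_SHA256 TRUSTSTORE
# Returns 2 if the file is unreadable, 4 if keytool is missing,
# 3 on fingerprint mismatch; otherwise keytool's own exit status.
import_pinned_cert() {
  ipc_alias=$1; ipc_cert=$2; ipc_expected=$3; ipc_store=$4
  [ -r "$ipc_cert" ] || { echo "missing certificate: $ipc_cert" >&2; return 2; }
  command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 4; }

  ipc_actual=$(normalize_fp "$(cert_sha256 "$ipc_cert")")
  if [ -z "$ipc_actual" ] || [ "$ipc_actual" != "$(normalize_fp "$ipc_expected")" ]; then
    echo "fingerprint mismatch for $ipc_alias, not importing" >&2
    return 3
  fi

  # -storepass:env reads the password from the named environment variable,
  # keeping it out of the process argument list.
  keytool -import -noprompt -alias "$ipc_alias" -file "$ipc_cert" \
    -keystore "$ipc_store" -storepass:env TRUSTSTORE_PASS
}

# Usage (fingerprint value is a placeholder, supply the real one per node):
#   export TRUSTSTORE_PASS='...'
#   import_pinned_cert node0 node0.cer 'AA:BB:...' .truststore
```

Afterwards, `keytool -list -v -keystore .truststore` shows which aliases and fingerprints the truststore actually contains.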

Client verification

  1. If your cluster requires client verification, you need to perform the following additional steps:
    1. Create an SSL certificate for the client host (that is, the system on which Studio is installed).
      keytool -genkey -alias client-host -keystore .keystore
    2. Export the client certificate.
      keytool -export -alias client-host -file client-host.cer -keystore .keystore
      The public certificate is stored in the client-host.cer file.
    3. Copy the public certificate to every node of the DataStax Enterprise cluster that Studio will connect to, and import it into the truststore on each node.
      keytool -import -v -trustcacerts -alias client-host \
      -file /tmp/client-host.cer -keystore /var/tmp/.truststore
      Note: You may have to ask your cluster administrator if you do not have the proper permissions to modify the truststore file on the cluster nodes.
    4. In Studio, select > Edit to edit your connection.
    5. Enter the location of the keystore file and the keystore password.
      The Edit Connection dialog displays an error if the keystore file path or password is incorrect.
    6. Select Test to verify your configuration.
    7. Click Save at the bottom of the Edit Connection dialog to update the connection.
      Studio can now communicate with your SSL-enabled cluster.