SSL encryption
Topics for using SSL in Cassandra.
The Secure Socket Layer (SSL) is a cryptographic protocol used to secure communications between computers. For reference, see the SSL article on Wikipedia.
Briefly, it works as follows. A client and a server are two entities, either software or
hardware, that communicate with one another. These entities must exchange information to
set up trust between them. Each entity that provides such information must have a generated
key pair, consisting of a private key that only the entity stores and a public key that can
be exchanged with other entities. If the client wants to
connect to the server, the client requests the secure connection and the server sends a
certificate that includes its public key. The client checks the validity of the certificate by
exchanging information with the server, which the server validates with its private key. If a
two-way validation is desired, this process must be carried out in both directions. Private
keys are stored in the keystore and public keys are stored in the truststore.
For Cassandra, the entities can be nodes or one of the tools, such as cqlsh or nodetool, running on either a local node or a remote node.
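
The keystore and truststore split described above, as an added example that is not part of the original page: a bash script using the JDK's keytool that gives a server and a client each a key pair, then imports each side's public certificate into the other's truststore so validation works in both directions. The entity names, file names and password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. All names and the password below are constructed placeholders.
PASS='changeit-demo'   # constructed; supply a real secret in practice

# Generate a key pair for one entity. The private key stays in its keystore.
make_keystore() {   # $1 = directory, $2 = entity name
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$2, OU=demo" -keystore "$1/$2.keystore" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS" </dev/null >/dev/null 2>&1
}

# Export only the public certificate of $2 and import it into $3's truststore.
trust_peer() {      # $1 = directory, $2 = entity to be trusted, $3 = entity that trusts it
  keytool -exportcert -rfc -alias "$2" -keystore "$1/$2.keystore" \
    -storepass "$PASS" -file "$1/$2.cer" </dev/null >/dev/null 2>&1 &&
  keytool -importcert -noprompt -alias "$2" -file "$1/$2.cer" \
    -keystore "$1/$3.truststore" -storetype PKCS12 \
    -storepass "$PASS" </dev/null >/dev/null 2>&1
}

# Report which kinds of entries a store holds (private key or trusted cert).
entry_types() {     # $1 = store file
  keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | sort -u | tr '\n' ' '
}

# Build both directions of trust between a server and a client.
two_way_trust() {   # $1 = directory
  make_keystore "$1" server && make_keystore "$1" client &&
  trust_peer "$1" server client &&   # one-way: the client can validate the server
  trust_peer "$1" client server      # two-way: the server can validate the client
}

# Stand-alone run: build the stores in a scratch directory and show their contents.
if command -v keytool >/dev/null 2>&1; then
  demo_dir=$(mktemp -d)
  if two_way_trust "$demo_dir"; then
    for store in "$demo_dir"/*.keystore "$demo_dir"/*.truststore; do
      echo "$(basename "$store"): $(entry_types "$store")"
    done
  fi
fi
```

Each keystore lists only a private key entry and each truststore only a trusted certificate entry, so a truststore can be distributed to peers without exposing any private key.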