Node-to-node encryption using SSL

Node-to-node (internode) encryption protects data transferred between nodes in a cluster using SSL (Secure Sockets Layer). For information about generating SSL certificates, see Preparing server certificates.

The location of the cassandra.yaml file depends on the type of installation:

  Installer-Services       /etc/dse/cassandra/cassandra.yaml
  Package installations    /etc/dse/cassandra/cassandra.yaml
  Installer-No Services    install_location/resources/cassandra/conf/cassandra.yaml
  Tarball installations    install_location/resources/cassandra/conf/cassandra.yaml

Tip: OpsCenter Lifecycle Manager can configure DataStax Enterprise clusters to use node-to-node encryption. It automates the preparation of server certificates using an internal certificate authority and deploys the resulting keystore and truststore to each node.
To encrypt the truststore and keystore passwords with KMIP, see Encrypting using off-server encryption keys.

Procedure

To enable node-to-node SSL encryption:

Set the server_encryption_options in the cassandra.yaml file on each node:

server_encryption_options:
   internode_encryption: internode_option
   keystore: resources/dse/conf/.keystore
   keystore_password: keystore_password
   truststore: resources/dse/conf/.truststore
   truststore_password: truststore_password
   require_client_auth: true|false

  1. Specify the internode_encryption option.
  2. Set the appropriate paths to your .keystore and .truststore files.
  3. Provide the required passwords. The passwords must match the passwords that were used when generating the keystore and truststore.
  4. To enable peer certificate authentication, set require_client_auth to true.
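
A way to check the result of the steps above on each node, as an added example (not DataStax code): it reads the server_encryption_options block and reports settings that leave internode traffic or peer authentication weaker than intended. The function names and sample values are hypothetical, and the internode_encryption choices all, none, dc and rack are assumed from Cassandra's configuration since this page does not list them.

```python
import re

# Constructed sample: the block from this page with example values filled in.
SAMPLE_YAML = """\
server_encryption_options:
   internode_encryption: dc
   keystore: resources/dse/conf/.keystore
   keystore_password: keystore_password
   truststore: resources/dse/conf/.truststore
   truststore_password: s3cr3t-constructed
   require_client_auth: false
client_encryption_options:
   enabled: false
"""

def parse_block(text, section="server_encryption_options"):
    """Return the indented key: value pairs found under `section:`."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            inside = line.split("#")[0].strip() == section + ":"
        elif inside:
            m = re.match(r"\s+(\w+)\s*:\s*(.*?)\s*(?:#.*)?$", line)
            if m:
                opts[m.group(1)] = m.group(2).strip("'\"")
    return opts

def audit(opts):
    """Return findings for the internode SSL settings in `opts`."""
    findings = []
    mode = opts.get("internode_encryption", "none").lower()
    if mode in ("dc", "rack"):  # assumption: dc/rack encrypt only across that boundary
        findings.append(f"internode_encryption={mode}: traffic inside a {mode} is plaintext")
    elif mode != "all":
        findings.append(f"internode_encryption={mode}: value is not 'all', traffic is not encrypted")
    if opts.get("require_client_auth", "false").lower() != "true":
        findings.append("require_client_auth is not true: peer certificate authentication is off")
    for store in ("keystore", "truststore"):
        if not opts.get(store):
            findings.append(f"{store} path is not set")
        if opts.get(store + "_password", "") in ("", store + "_password"):
            findings.append(f"{store}_password is empty or still the placeholder")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_block(SAMPLE_YAML)):
        print("FINDING:", finding)
```

The parser handles only the flat key: value layout shown on this page; it is not a general YAML parser.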