Using SSL connections in DataStax Studio

Steps to connect Studio to an SSL-enabled DataStax Enterprise cluster.

Prerequisites

  • SSL must be configured and working on your cluster. See Configuring SSL for details on:
    • Client-to-node encryption
    • Node-to-node encryption
    • Preparing server certificates
    DataStax recommends using certificates signed by a CA. See Setting up SSL certificates.
  • A truststore is required for server verification. The truststore or CA certificate can be shared between all DSE servers and clients. For DataStax Studio, the public key certificate from the CA must be stored in a local truststore file.
  • A keystore is required for client verification.
  • Java Cryptography Extension (JCE) Unlimited Strength Policy files is required to ensure support for all encryption algorithms.

Procedure

  1. Enable the Java Cryptography Extension (JCE) on your client system. See Enabling JCE Unlimited.
  2. Download Java 8 for DataStax Enterprise.
    Installation directory (jre lib/security):
    • Linux: /usr/lib/jvm/jdk1.major.minor_update/jre/lib/security
    • Mac OS X: /Library/Java/JavaVirtualMachines/jdk1.major.minor_update/Contents/Home/jre/lib/security
    • Windows: C:\Program Files\Java\jre7\lib\security

    Extract the downloaded file and copy the contents of UnlimitedJCEPolicy directory to the jre/lib/security directory.

  3. To perform server verification, the client needs to have the public key certificate of each node in the cluster stored in a local truststore file.
    1. In the menu (☰), select Connections to open the Browse Connections page.
    2. Click + to add a connection or click to edit an existing connection.
      The Create Connection dialog displays.
    3. Select the Use SSL check box to show the Truststore and Keystore fields.
    4. For server verification, add the paths to the local truststore file and the truststore password.
      The public key certificate from the CA must be stored in a local truststore file.
  4. Optional: For client verification, add the paths to the keystore and the keystore password.
    The keystore path is to the Java keystore (JKS). The keystore contains the private key.
  5. Select Test to test your connection information.
    The Connected Successfully message verifies successful connection to DataStax Enterprise nodes.
  6. Click Save
  7. Restart the Studio server for the JCE policies and other connection changes to take effect.