Using SSL connections in DataStax Studio
Steps to connect Studio to an SSL-enabled DataStax Enterprise cluster.
Prerequisites
- SSL must be configured and working on your cluster. See Configuring SSL for details on:
- Client-to-node encryption
- Node-to-node encryption
- Preparing server certificates
- A truststore is required for server verification. The truststore or CA certificate can be shared between all DSE servers and clients. For DataStax Studio, the public key certificate from the CA must be stored in a local truststore file.
- A keystore is required for client verification.
- Java Cryptography Extension (JCE) Unlimited Strength Policy files is required to ensure support for all encryption algorithms.
Procedure
- Enable the Java Cryptography Extension (JCE) on your client system. See Enabling JCE Unlimited.
-
Download Java 8 for DataStax Enterprise.
Installation directory (jre lib/security):
- Linux: /usr/lib/jvm/jdk1.major.minor_update/jre/lib/security
- Mac OS X: /Library/Java/JavaVirtualMachines/jdk1.major.minor_update/Contents/Home/jre/lib/security
- Windows: C:\Program Files\Java\jre7\lib\security
Extract the downloaded file and copy the contents of UnlimitedJCEPolicy directory to the jre/lib/security directory.
-
To perform server verification, the client needs to have the public key
certificate of each node in the cluster stored in a local truststore file.
- Optional:
For client verification, add the paths to the keystore and the keystore
password.
The keystore path is to the Java keystore (JKS). The keystore contains the private key.
-
Select Test to test your connection information.
The
Connected Successfully
message verifies successful connection to DataStax Enterprise nodes. - Click Save
- Restart the Studio server for the JCE policies and other connection changes to take effect.