Setting up SSL certificates

General steps for generating certificate signing requests, signing, and creating a keystore and truststore for development and production environments.

These steps walk you through the general process to generate and distribute SSL certificates using OpenSSL and Java keytool.

Use SSL certificates for client-to-node encryption and node-to-node encryption. DataStax supports SSL using well-known CA signed certificates for each node or with bring your own (BYO) root Certificate Authority. DataStax recommends using certificates signed by a CA to reduce SSL certificate management tasks. However, it is possible to use self-signed certificates in DSE.

OpsCenter Lifecycle Manager can configure DataStax Enterprise clusters to use client-to-node and node-to-node encryption and automates the process of preparing server certificates. See Configuring SSL/TLS for DSE using LCM.
Important:

DataStax recommends using a computer outside the DSE environment to generate and manage SSL certificates. Perform the steps on a dedicated CA server which is fully encrypted and permanently isolated from the network.

Using a well known CA

Skip to Create a certificate signing request when using a third-party signed certificate or when adding a node using an existing rootCA.