Configuring SSL for client-to-node connections

Use SSL to secure connections from a client node to the coordinator node.


The default location of the Tomcat server.xml file depends on the installation type:
Package installations: /etc/dse/tomcat/conf/server.xml
Tarball installations: installation_location/resources/tomcat/conf/server.xml

Client-to-node encryption protects in-flight data from client machines to a database cluster using SSL (Secure Sockets Layer) and establishes a secure channel between the client and the coordinator node.

Note: On a DSE Search node, enabling SSL for the database automatically enables SSL in the DSE Search web.xml file and configures an SSL connector in Tomcat using the authentication/authorization filters. No changes are required for the web.xml or server.xml files.

If the TomcatSolrRunner doesn't find a connector in server.xml, it creates a default connector. The default connector binds to the native_transport_address.

Complete SSL setup using the following sections:

CAUTION: If you are not using the JCE Unlimited Strength Jurisdiction Policy, make sure that your ticket granting principal does not use AES-256. If your ticket granting principal uses AES-256, you might see a warning like this in the logs:
WARN [StreamConnectionEstablisher:18] 2015-06-22 14:12:18,589 (line 162) Filtering out TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it isnt supported by the socket
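To check a node's log for this condition, the following script (an added example, not part of the DataStax documentation) extracts every "Filtering out" warning and separates the AES-256 suites from any others that were dropped. It assumes the log layout of the sample line above; the second and third sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumption: log layout follows the sample warning on this page.
FILTER_RE = re.compile(
    r"^(?P<level>\w+)\s+\[(?P<thread>[^\]]+)\]\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+.*?"
    r"Filtering out\s+(?P<suites>[A-Z0-9_,\s]+?)\s+as it isnt supported by the socket"
)

SAMPLE_LOG = [
    # From the page:
    "WARN [StreamConnectionEstablisher:18] 2015-06-22 14:12:18,589 (line 162) "
    "Filtering out TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it isnt supported by the socket",
    # Constructed lines for illustration:
    "INFO [main] 2015-06-22 14:12:19,001 (line 45) Starting listening for CQL clients",
    "WARN [StreamConnectionEstablisher:19] 2015-06-22 14:13:02,114 (line 162) "
    "Filtering out TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA "
    "as it isnt supported by the socket",
]

def filtered_suites(log_lines):
    """Return (timestamp, thread, [suite, ...]) for each matching warning."""
    events = []
    for line in log_lines:
        m = FILTER_RE.search(line.strip())
        if m:
            suites = [s.strip() for s in m.group("suites").split(",") if s.strip()]
            events.append((m.group("ts"), m.group("thread"), suites))
    return events

def summarize(events):
    """Count dropped suites and split them by whether they need 256-bit AES."""
    counts = Counter(s for _, _, suites in events for s in suites)
    return {
        # Dropped AES-256 suites are what the CAUTION ties to the JCE policy.
        "aes256": sorted(s for s in counts if "_AES_256_" in s),
        # Anything else was dropped for a reason unrelated to AES key length.
        "other": sorted(s for s in counts if "_AES_256_" not in s),
        "counts": dict(counts),
    }

if __name__ == "__main__":
    report = summarize(filtered_suites(SAMPLE_LOG))
    print("AES-256 suites filtered:", ", ".join(report["aes256"]) or "none")
    print("Other suites filtered:  ", ", ".join(report["other"]) or "none")
```

To run it against a real node, pass the lines of the node's system log to `filtered_suites` in place of `SAMPLE_LOG`.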