Configure SSL for client-to-node connections in a development environment

Set up SSL for client-to-node connections for a cluster in a development, test, or demonstration environment.

cassandra.yaml

The location of the cassandra.yaml file depends on the type of installation:
Package installations: /etc/dse/cassandra/cassandra.yaml
Tarball installations: installation_location/resources/cassandra/conf/cassandra.yaml

Procedure

  1. In the cassandra.yaml file, in the client_encryption_options section:
    • Set enabled to true.
    • Provide the passwords that were used when generating the keystore and truststore.
    • Set the paths to your .keystore and .truststore files.
    • If two-way certificate authentication is desired, set require_client_auth to true. Enabling two-way certificate authentication allows tools to connect to a remote node.
    • Complete the steps in "Using local SSL certificate and keystore files".

    For local access to run cqlsh on a local node with SSL encryption, require_client_auth can be set to false.

    client_encryption_options:
        enabled: true
        optional: false
        keystore_type: PKCS12
        keystore: resources/dse/conf/.keystore
        keystore_password: cassandra
        require_client_auth: false
        truststore_type: PKCS12
        truststore: resources/dse/conf/.truststore
        truststore_password: cassandra
        # protocol: TLS
        # algorithm: SunX509
        cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
    
  2. Restart DataStax Enterprise.
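
A check for the settings in step 1, as an added example that is not DataStax code: it reads the client_encryption_options section and lists the values that are acceptable on a development node but should change before the file is reused anywhere else. The function names, the embedded sample, and the choice of checks are this example's assumptions.

```python
# Constructed sample: the client_encryption_options values from the procedure above (abridged).
SAMPLE = """\
client_encryption_options:
    enabled: true
    optional: false
    keystore: resources/dse/conf/.keystore
    keystore_password: cassandra
    require_client_auth: false
    truststore: resources/dse/conf/.truststore
    truststore_password: cassandra
    # protocol: TLS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
"""

def parse_section(text, section="client_encryption_options"):
    """Return the flat key/value pairs indented under `section` (no YAML library needed)."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the section
            inside = line.split(":")[0].strip() == section
        elif inside:
            key, _, value = line.strip().partition(":")
            opts[key.strip()] = value.split(" #")[0].strip().strip("'\"")
    return opts

def audit(opts):
    """List settings that are acceptable on a development node but not beyond it."""
    findings = []
    if opts.get("enabled", "false").lower() != "true":
        findings.append("enabled: client connections are not encrypted")
    if opts.get("optional", "false").lower() == "true":
        findings.append("optional: unencrypted clients are still accepted")
    if opts.get("require_client_auth", "false").lower() != "true":
        findings.append("require_client_auth: clients are not authenticated by certificate")
    for key in ("keystore_password", "truststore_password"):
        if opts.get(key, "") in ("", "cassandra"):
            findings.append(f"{key}: empty or still the sample value")
    for suite in opts.get("cipher_suites", "").strip("[]").split(","):
        suite = suite.strip()
        if suite.startswith("TLS_RSA_") or "_CBC_" in suite:
            findings.append(f"cipher_suites: {suite} uses static RSA key exchange or CBC mode")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_section(SAMPLE)):
        print("WARN", finding)
```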