Using local SSL certificate and keystore files

Create SSL certificates, keystores, and truststores.

Use these steps as a general guide to create and distribute SSL certificates using OpenSSL and Java keytool.

Use SSL certificates for client-to-node encryption and node-to-node encryption. DataStax supports SSL using well-known CA signed certificates for each node or with bring your own (BYO) root Certificate Authority. DataStax recommends using certificates signed by a CA to reduce SSL certificate management tasks. However, it is possible to use self-signed certificates in DSE. DataStax Enterprise (DSE) supports SSL certificates in local and external keystores.

OpsCenter Lifecycle Manager can configure DataStax Enterprise clusters to use client-to-node and node-to-node encryption and automates the process of preparing server certificates. See Configuring SSL/TLS for DSE using LCM.
Important:

DataStax recommends using a computer outside the DSE environment to generate and manage SSL certificates. Perform the steps on a dedicated CA server which is fully encrypted and permanently isolated from the network.

Using a well known CA

Skip to Creating a certificate signing request when using a third-party signed certificate or when adding a node using an existing rootCA.