Enabling SSL for AlwaysOn SQL

Communication between the driver and AlwaysOn SQL can be encrypted using SSL.

The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.


  1. Ensure client-to-node encryption is enabled and configured correctly.

  2. If the SSL keystore and truststore used for AlwaysOn SQL differ from the keystore and truststore configured in cassandra.yaml, add the required settings to enable SSL to the hive-site.xml configuration file.

    By default the SSL settings in cassandra.yaml will be used with AlwaysOn SQL.

            <value><path to keystore>/keystore.jks</value>
            <value><keystore password></value>
  3. Start or restart the AlwaysOn SQL service.

    Changes in the hive-site.xml configuration file only require a restart of AlwaysOn SQL service, not DSE.

    dse client-tool alwayson-sql start
  4. Test the connection with Beeline.

    dse beeline
    beeline> !connect jdbc:hive2://<hostname>:10000/default;ssl=true;sslTrustStore=<path to truststore>/truststore.jks;trustStorePassword=<truststore password>

    The JDBC URL for the Simba JDBC Driver is:

    jdbc:spark://<hostname>:10000/default;SSL=1;SSLTrustStore=<path to truststore>/truststore.jks;SSLTrustStorePwd=<truststore password>

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com