SSL configuration options for OpsCenter

You can set SSL options across all clusters in opscenterd.conf, for each cluster in cluster_name.conf, or for each node in address.yaml. For filepaths, see Modify configuration files for OpsCenter.

OpsCenter daemon (opscenterd) SSL configuration options

SSL configuration options available in opscenterd.conf:

  • [agents] agent_certfile

    The location of the certfile sent to the DataStax Agents when using SSL communication between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.

  • [agents] agent_keyfile

    The location of the keyfile sent to the DataStax Agents when using SSL communication between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.

    Do not use the agent_keyfile when manually generating and deploying keys.

  • [agents] agent_keyfile_raw

    The raw keystore file stored in the Java keystore from agent_keyfile. This parameter is required only when configuring high availability, so that the secondary OpsCenter instance can communicate with the primary OpsCenter instance. The failover opscenterd processes on the secondary OpsCenter instance use this key to establish a STOMP connection to the primary opscenterd instance.

  • [agents] ssl_certfile

    The location of the SSL certificate used for SSL traffic between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.

  • [agents] ssl_keyfile

    The location of the SSL key file used for SSL traffic between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.

  • [agents] use_ssl

    Specifies whether traffic between OpsCenter and the DataStax Agents should use SSL. The default value is False.

  • [webserver] ssl_certfile

    The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.

  • [webserver] ssl_keyfile

    The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.

  • [webserver] ssl_port

    The port on which to serve SSL traffic. The default port is 8443.

  • [webserver] ssl_redirect

    Determines whether or not to open up the non-secure port when enabling HTTPS for the webserver. The default behavior redirects HTTP traffic to the HTTPS port. The default value is True.

Cluster SSL configuration options

Cluster-specific SSL configuration options available in cluster_name.conf:

  • [agents] ssl_keystore

    The SSL keystore location for DataStax Agents to use to connect to CQL on the monitored cluster.

  • [agents] ssl_keystore_password

    The SSL keystore password for DataStax Agents to use to connect to CQL on the monitored cluster.

  • [agents] ssl_truststore

    The SSL truststore location for DataStax Agents to use for trusted certs.

  • [agents] ssl_truststore_password

    The SSL truststore password for DataStax Agents to use for trusted certs.

  • [agents] storage_ssl_keystore

    The SSL keystore location for DataStax Agents to use to connect to CQL on the storage cluster.

  • [agents] storage_ssl_keystore_password

    The SSL keystore password for DataStax Agents to use to connect to CQL on the storage cluster.

  • [agents] storage_ssl_truststore

    The SSL truststore location for DataStax Agents to use for trusted certs on the storage cluster.

  • [agents] storage_ssl_truststore_password

    The SSL truststore password for DataStax Agents to use for trusted certs on the storage cluster.

  • [cassandra] ssl_keystore

    The SSL keystore location for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_keystore_password

    The SSL keystore password for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_truststore

    The SSL truststore location for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_truststore_password

    The SSL truststore password for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_keystore

    The SSL keystore location for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_keystore_password

    The SSL keystore password for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_truststore

    The SSL truststore location for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_truststore_password

    The SSL truststore password for OpsCenter to use to connect to Cassandra directly.

Agent configuration options

SSL configuration options available for agents in address.yaml:

  • monitored_ssl_keystore

    The SSL keystore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore: /etc/dse/conf/.keystore

  • monitored_ssl_keystore_password

    The SSL keystore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • monitored_ssl_truststore

    The SSL truststore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore: /etc/dse/conf/.truststore

  • monitored_ssl_truststore_password

    The SSL truststore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_keystore

    The SSL keystore location that the DataStax Agents use to connect to opscenterd. Example: opscenter_ssl_keystore: /etc/opscenter/conf/.keystore

  • opscenter_ssl_keystore_password

    The SSL keystore password that the agents use to connect to opscenterd. Example: opscenter_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_truststore

    The path to the truststore file that the agents use to connect to opscenterd. Example: opscenter_ssl_truststore: /etc/opscenter/conf/.truststore

  • opscenter_ssl_truststore_password

    The SSL truststore password that the agents use to connect to opscenterd. Default: Uses the keystore password if an SSL truststore password is not specified. Example: opscenter_ssl_truststore_password: trust-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_strict_subject_validation

    Instructs the agent to reject certificates from opscenterd when the certificate subject does not match the server’s ip. This option is false by default, which means the agent attempts subject validation first. If that fails, the agent logs a warning and retries the connection without subject validation. In a later version of OpsCenter, the default will change to true. Example: opscenter_ssl_strict_subject_validation: true

  • ssl_keystore

    The SSL keystore location for the storage cluster that agents use to connect to CQL. Example: ssl_keystore: /etc/dse/conf/.keystore

  • ssl_keystore_password

    The SSL keystore password for the storage cluster that agents use to connect to CQL. Example: ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • ssl_truststore

    The SSL truststore location for the storage cluster that agents use to connect to CQL. Example: ssl_truststore: /etc/dse/conf/.truststore

  • ssl_truststore_password

    The SSL truststore password for the storage cluster that agents use to connect to CQL. Example: ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]

  • use_ssl

    Whether or not to use SSL communication between the agent and opscenterd. Affects both the STOMP connection and the agent HTTP server. Corresponds to [agents].use_ssl in opscenterd.conf. Setting this option to true turns on SSL connections. Example: use_ssl: true

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax, an IBM Company | Privacy policy | Terms of use ·  Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com