Enabling SSL for AlwaysOn SQL

Communication with the AlwaysOn SQL can be encrypted using SSL.

Communication between the driver and AlwaysOn SQL can be encrypted using SSL.

The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.


The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/dse/cassandra/cassandra.yaml
Tarball installations installation_location/resources/cassandra/conf/cassandra.yaml


For use with Spark, the default location of the hive-site.xml file is:
Package installations /etc/dse/spark/hive-site.xml
Tarball installations installation_location/resources/spark/conf/hive-site.xml


  1. Ensure client-to-node encryption is enabled and configured correctly.
  2. Optional: If the SSL keystore and truststore used for AlwaysOn SQL differ from the keystore and truststore configured in cassandra.yaml, add the required settings to enable SSL to the hive-site.xml configuration file.
    Note: By default the SSL settings in cassandra.yaml will be used with AlwaysOn SQL.
            <value>path to keystore/keystore.jks</value>
            <value>keystore password</value>
  3. Start or restart the AlwaysOn SQL service.
    Note: Changes in the hive-site.xml configuration file only require a restart of AlwaysOn SQL service, not DSE.
    dse client-tool alwayson-sql start
  4. Test the connection with Beeline.
    dse beeline
    beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password
    Note: The JDBC URL for the Simba JDBC Driver is:
    jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password