You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by A J <s5...@gmail.com> on 2012/01/20 20:16:25 UTC

Encryption related question

Hello,
I am trying to use internode encryption in Cassandra (1.0.6) for the first time.

1. Followed the steps 1 to 5 at
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
Q. In cassandra.yaml , what value goes for keystore ? I exported the
certificate per step #3 above in duke.cer. Do I put the location and
name of that file for this parameter ?
Siminarly, what value goes for truststore ? The steps 1-5 don't
indicate any other file to be exported that would possibly go here.

Also do I need to follow these steps on each of the node ?

Thanks
AJ

Re: Encryption related question

Posted by Vijay <vi...@gmail.com>.

I had the following writeup when i did the KS and TS creation... Hope this
helps

*Step 1:* Download your Organisation Cert/Cert Chain/Generate one.

*Step 2:* Login to any of one machine do the following to create p12

# openssl pkcs12 -export -in cassandra-app.cert -inkey cassandra-app.key
-certfile cassandra-app.cert -name "cassandra-app" -out cassandra-app.p12

*Step 3:* now you can create the Keystore

# keytool -importkeystore -srckeystore cassandra-app.p12 -srcstoretype
pkcs12 -destkeystore cassandra-app.jks -deststoretype JKS

- You might need the password at this stage.

*Step 4:* List to make sure you have the right one.

# keytool -list -v  -keystore cassandra-app.jks -storepass <Password>

*
*

*TrustStore:*

*Step 1:* Download the certificate chain from perforce.

Do all the steps as above and you have a trust store (Name it sensibly
to differentiate in the future)

keytool -import -keystore cassandra-app.truststore -file ca.pem -alias
cassandra-app -storepass <diffrent pass>

*Finally:* Checkin the files into conf dir in Perforce.

*Open Yaml File:*

And Add:

encryption_options:

    internode_encryption: *dc*

    keystore: conf/.keystore

    keystore_password: cassandra

    truststore: conf/.truststore

    truststore_password: cassandra


Regards,
</VJ>



On Fri, Jan 20, 2012 at 11:16 AM, A J <s5...@gmail.com> wrote:

> Hello,
> I am trying to use internode encryption in Cassandra (1.0.6) for the first
> time.
>
> 1. Followed the steps 1 to 5 at
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
> Q. In cassandra.yaml , what value goes for keystore ? I exported the
> certificate per step #3 above in duke.cer. Do I put the location and
> name of that file for this parameter ?
> Siminarly, what value goes for truststore ? The steps 1-5 don't
> indicate any other file to be exported that would possibly go here.
>
> Also do I need to follow these steps on each of the node ?
>
> Thanks
> AJ
>