cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vijay <>
Subject Re: Encryption related question
Date Fri, 20 Jan 2012 21:49:09 GMT
I had the following writeup when i did the KS and TS creation... Hope this

*Step 1:* Download your Organisation Cert/Cert Chain/Generate one.

*Step 2:* Login to any of one machine do the following to create p12

# openssl pkcs12 -export -in cassandra-app.cert -inkey cassandra-app.key
-certfile cassandra-app.cert -name "cassandra-app" -out cassandra-app.p12

*Step 3:* now you can create the Keystore

# keytool -importkeystore -srckeystore cassandra-app.p12 -srcstoretype
pkcs12 -destkeystore cassandra-app.jks -deststoretype JKS

- You might need the password at this stage.

*Step 4:* List to make sure you have the right one.

# keytool -list -v  -keystore cassandra-app.jks -storepass <Password>



*Step 1:* Download the certificate chain from perforce.

Do all the steps as above and you have a trust store (Name it sensibly
to differentiate in the future)

keytool -import -keystore cassandra-app.truststore -file ca.pem -alias
cassandra-app -storepass <diffrent pass>

*Finally:* Checkin the files into conf dir in Perforce.

*Open Yaml File:*

And Add:


    internode_encryption: *dc*

    keystore: conf/.keystore

    keystore_password: cassandra

    truststore: conf/.truststore

    truststore_password: cassandra


On Fri, Jan 20, 2012 at 11:16 AM, A J <> wrote:

> Hello,
> I am trying to use internode encryption in Cassandra (1.0.6) for the first
> time.
> 1. Followed the steps 1 to 5 at
> Q. In cassandra.yaml , what value goes for keystore ? I exported the
> certificate per step #3 above in duke.cer. Do I put the location and
> name of that file for this parameter ?
> Siminarly, what value goes for truststore ? The steps 1-5 don't
> indicate any other file to be exported that would possibly go here.
> Also do I need to follow these steps on each of the node ?
> Thanks
> AJ

View raw message