cassandra-user mailing list archives

From Vijay <vijay2...@gmail.com>
Subject Re: Encryption related question
Date Fri, 20 Jan 2012 21:49:09 GMT
I had the following writeup when I did the KS and TS creation... Hope this
helps

*Step 1:* Download your Organisation Cert/Cert Chain/Generate one.

*Step 2:* Log in to any one machine and do the following to create the p12

# openssl pkcs12 -export -in cassandra-app.cert -inkey cassandra-app.key -certfile cassandra-app.cert -name "cassandra-app" -out cassandra-app.p12

*Step 3:* Now you can create the Keystore

# keytool -importkeystore -srckeystore cassandra-app.p12 -srcstoretype pkcs12 -destkeystore cassandra-app.jks -deststoretype JKS

- You might need the password at this stage.

*Step 4:* List to make sure you have the right one.

# keytool -list -v  -keystore cassandra-app.jks -storepass <Password>

*TrustStore:*

*Step 1:* Download the certificate chain from Perforce.

Do all the steps as above and you have a trust store (Name it sensibly
to differentiate in the future)

keytool -import -keystore cassandra-app.truststore -file ca.pem -alias cassandra-app -storepass <different pass>

*Finally:* Check in the files to the conf dir in Perforce.

*Open Yaml File:*

And Add:

encryption_options:
    internode_encryption: dc
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra


Regards,
</VJ>



On Fri, Jan 20, 2012 at 11:16 AM, A J <s5alye@gmail.com> wrote:

> Hello,
> I am trying to use internode encryption in Cassandra (1.0.6) for the first
> time.
>
> 1. Followed the steps 1 to 5 at
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
> Q. In cassandra.yaml, what value goes for keystore? I exported the
> certificate per step #3 above in duke.cer. Do I put the location and
> name of that file for this parameter?
> Similarly, what value goes for truststore? The steps 1-5 don't
> indicate any other file to be exported that would possibly go here.
>
> Also, do I need to follow these steps on each of the nodes?
>
> Thanks
> AJ
>
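
A check for the encryption_options block in the reply above, as an added example that is not part of the original thread or of Cassandra itself: it reads the block out of cassandra.yaml text and reports settings worth reviewing before the file is checked in. The sample YAML is constructed from the message, and the function names and the rule set (sample password "cassandra", shared password, shared store file) are assumptions of this example.

```python
import re

# Constructed sample: the encryption_options block as posted in the message.
SAMPLE_YAML = """\
encryption_options:
    internode_encryption: dc
    keystore: conf/.keystore
    keystore_password: cassandra
    truststore: conf/.truststore
    truststore_password: cassandra
listen_address: localhost
"""

def parse_encryption_options(text):
    """Collect the indented key: value pairs under encryption_options."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if re.match(r"^encryption_options:\s*$", line):
            inside = True
        elif inside and line[0] in " \t":
            key, _, value = line.strip().partition(":")
            opts[key.strip()] = value.strip().strip("'\"")
        elif inside:
            break  # next top-level key ends the block
    return opts

def audit(opts):
    """Return a list of findings for an encryption_options mapping."""
    findings = []
    if opts.get("internode_encryption", "none") == "none":
        findings.append("internode_encryption is none: traffic is not encrypted")
    for store in ("keystore", "truststore"):
        pw = opts.get(store + "_password", "")
        if not opts.get(store):
            findings.append(store + " path is not set")
        if pw in ("", "cassandra"):
            findings.append(store + "_password is empty or the sample value")
    if opts.get("keystore") and opts.get("keystore") == opts.get("truststore"):
        findings.append("keystore and truststore point at the same file")
    ks, ts = opts.get("keystore_password"), opts.get("truststore_password")
    if ks and ks == ts:
        findings.append("keystore and truststore share one password")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_encryption_options(SAMPLE_YAML)):
        print("WARN:", finding)
```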
