cassandra-user mailing list archives

From Jeremy Jongsma <jer...@barchart.com>
Subject Re: Managing truststores with inter-node encryption
Date Fri, 30 May 2014 15:03:47 GMT
It appears that only adding the CA certificate to the truststore is
sufficient for this.


On Thu, May 22, 2014 at 10:05 AM, Jeremy Jongsma <jeremy@barchart.com>
wrote:

> The docs say that each node needs every other node's certificate in its
> local truststore:
>
>
> http://www.datastax.com/documentation/cassandra/1.2/cassandra/security/secureSSLCertificates_t.html
>
> This seems like a bit of a headache for adding nodes to a cluster. How do
> others deal with this?
>
> 1) If I am self-signing the client certificates (with puppetmaster), is it
> enough that the truststore just contain the CA certificate used to sign
> them? This is the typical PKI mechanism for verifying trust, so I am hoping
> it works here.
>
> 2) If not, can I use the same certificate for every node? If so, what is
> the downside? I'm mainly concerned with encryption over public internet
> links, not node identity verification.
>
>
>
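
The behaviour reported in this thread (a truststore holding only the signing CA accepts every node certificate that CA issued) can be reproduced with plain `openssl`. This is an added example, not part of the original messages; the CA names, node names and temporary files are constructed placeholders, and `openssl verify` stands in for the JKS truststore check Cassandra performs.

```shell
# Constructed demo: every name and file here is a placeholder.
# Create a self-signed CA (stands in for the puppetmaster CA in the thread).
make_ca() {  # $1 = output prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a node certificate signed by the given CA.
issue_node() {  # $1 = node name, $2 = CA prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 30 -out "$1.crt" 2>/dev/null
}

# True only if the certificate chains to the single trusted CA file.
trusted_by() {  # $1 = CA certificate, $2 = node certificate
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Runs in a subshell so the working directory and trap stay local.
run_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'rm -rf "$dir"' EXIT
  make_ca cluster-ca "Demo Cluster CA"
  make_ca other-ca "Unrelated CA"
  issue_node node1 cluster-ca
  issue_node node2 cluster-ca   # node added later: trust anchor unchanged
  issue_node rogue other-ca     # certificate from a CA the cluster does not trust
  # Equivalent step for a JKS truststore (not run here, password is a placeholder):
  #   keytool -importcert -noprompt -alias cluster-ca -file cluster-ca.crt \
  #     -keystore truststore.jks -storepass <placeholder>
  out=""
  for n in node1 node2 rogue; do
    if trusted_by cluster-ca.crt "$n.crt"; then v=trusted; else v=rejected; fi
    out="$out${out:+ }$n=$v"
  done
  echo "$out"
)

run_demo   # prints: node1=trusted node2=trusted rogue=rejected
```

Because trust is anchored at the CA, any certificate that CA signs is accepted, so the CA private key becomes the asset to protect.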
