cassandra-user mailing list archives

From "Lu, Boying" <Boying...@emc.com>
Subject RE: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Date Mon, 02 Feb 2015 09:23:34 GMT
Thanks a lot ;)

I’ll try your suggestions.

From: Adam Holmberg [mailto:adam.holmberg@datastax.com]
Sent: January 31, 2015 1:12
To: user@cassandra.apache.org
Subject: Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options
is enabled

Assuming the truststore you are referencing is the same one the server is using, it's probably
in the wrong format. You will need to export the cert into a PEM format for use in the (Python)
cqlsh client. If exporting from the java keystore format, use

keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>

If you have the crt file, you should be able to accomplish the same using openssl:

openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM

Then, you should refer to that PEM file in your command. Alternatively, you can specify a
path to the file (along with other options) in your cqlshrc file.

References:
How cqlsh picks up ssl options<https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py>
Example cqlshrc file<https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample>

Adam Holmberg

On Wed, Jan 28, 2015 at 1:08 AM, Lu, Boying <Boying.Lu@emc.com> wrote:
Hi, All,

Does anyone know the answer?

Thanks a lot

Boying


From: Lu, Boying
Sent: January 6, 2015 11:21
To: user@cassandra.apache.org
Subject: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled

Hi, All,

I turned on the dbclient_encryption_options like this:
client_encryption_options:
    enabled: true
    keystore: path-to-my-keystore-file
    keystore_password: my-keystore-password
    truststore: path-to-my-truststore-file
    truststore_password: my-truststore-password
    …

I can use the following cassandra-cli command to access the DB:
cassandra-cli -ts path-to-my-truststore-file -tspw my-truststore-password -tf org.apache.cassandra.thrift.SSLTransportFactory

But when I tried to access the DB with cqlsh like this:
SSL_CERTFILE=path-to-my-truststore cqlsh -t cqlshlib.ssl.ssl_transport_factory

I got the following error:
Connection error: Could not connect to localhost:9160: [Errno 0] _ssl.c:332: error:00000000:lib(0):func(0):reason(0)

I guess the reason may be that I didn’t provide the truststore password. But cqlsh doesn’t
provide such an option.

Does anyone know how to resolve this issue?

Thanks

Boying
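
Added example (not part of the original thread and not cqlsh's own code): a pre-flight check, in Python like cqlsh itself, that tells whether the file given as SSL_CERTFILE is a PEM certificate, a DER certificate, or a Java keystore, and PEM-wraps a DER certificate as the openssl command in the thread does. The function names and sample bytes are constructed for illustration.

```python
import ssl

JKS_MAGIC = b"\xfe\xed\xfe\xed"            # signature at the start of a Java keystore (JKS)
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def _inner_tag(data):
    """Tag of the first element inside the outer ASN.1 SEQUENCE, or None."""
    if len(data) < 2:
        return None
    first_len = data[1]
    offset = 2 if first_len < 0x80 else 2 + (first_len & 0x7F)  # long-form length
    return data[offset] if len(data) > offset else None

def classify(data):
    """Return 'pem', 'jks', 'der-cert', 'pkcs12' or 'unknown' for raw file bytes."""
    if data.lstrip().startswith(PEM_HEADER):
        return "pem"
    if data.startswith(JKS_MAGIC):
        return "jks"
    if data[:1] == b"\x30":                 # outer SEQUENCE
        inner = _inner_tag(data)
        if inner == 0x30:                   # tbsCertificate SEQUENCE: X.509 certificate
            return "der-cert"
        if inner == 0x02:                   # version INTEGER: PKCS#12 keystore
            return "pkcs12"
    return "unknown"

def to_pem(data):
    """Return PEM text usable as SSL_CERTFILE, or raise ValueError saying why not."""
    kind = classify(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der-cert":
        return ssl.DER_cert_to_PEM_cert(data)   # base64 + BEGIN/END CERTIFICATE lines
    if kind in ("jks", "pkcs12"):
        raise ValueError(kind + " keystore: export the certificate first, e.g. "
                         "keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>")
    raise ValueError("unrecognised format; expected a PEM certificate")

# Constructed sample inputs (placeholders, not real certificates or keystores)
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8
SAMPLE_DER = b"\x30\x82\x00\x0c\x30\x82\x00\x08" + b"\x00" * 8
SAMPLE_P12 = b"\x30\x82\x00\x0c\x02\x01\x03" + b"\x00" * 9

if __name__ == "__main__":
    for name, blob in [("jks", SAMPLE_JKS), ("der", SAMPLE_DER), ("p12", SAMPLE_P12)]:
        print(name, "->", classify(blob))
```

To check a real file, read it in binary mode and pass the bytes to classify() or to_pem().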

