cassandra-user mailing list archives

From Adam Holmberg <adam.holmb...@datastax.com>
Subject Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Date Wed, 04 Feb 2015 15:16:41 GMT
Since I don't know what's in your keystore, or how it was generated, I
don't know how much help I can be.

You probably need "-alias <something>" on the command line, and make sure a
cert by the name "<something>" exists in your keystore. You can use
"keytool -list ..." to examine the contents.

Adam Holmberg

On Mon, Feb 2, 2015 at 4:15 AM, Lu, Boying <Boying.Lu@emc.com> wrote:

> Hi, Holmberg,
>
>
>
> I tried your suggestion and ran the following command:
>
> keytool -exportcert -keystore path-to-my-keystore-file -storepass
> my-keystore-password -storetype JKS -file path-to-outputfile
>
> and I got the following error:
>
> keytool error: java.lang.Exception: Alias <mykey> does not exist
>
>
>
> Do you know how to fix this issue?
>
>
>
> Thanks
>
>
>
> Boying
>
>
>
> *From:* Adam Holmberg [mailto:adam.holmberg@datastax.com]
> *Sent:* January 31, 2015 1:12
> *To:* user@cassandra.apache.org
> *Subject:* Re: FW: How to use cqlsh to access Cassandra DB if the
> client_encryption_options is enabled
>
>
>
> Assuming the truststore you are referencing is the same one the server is
> using, it's probably in the wrong format. You will need to export the cert
> into a PEM format for use in the (Python) cqlsh client. If exporting from
> the java keystore format, use
>
>
>
> keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>
>
>
>
> If you have the crt file, you should be able to accomplish the same using
> openssl:
>
>
>
> openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM
>
>
>
> Then, you should refer to that PEM file in your command. Alternatively,
> you can specify a path to the file (along with other options) in your
> cqlshrc file.
>
>
>
> References:
>
> How cqlsh picks up ssl options
> <https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py>
>
> Example cqlshrc file
> <https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample>
>
>
>
> Adam Holmberg
>
>
>
> On Wed, Jan 28, 2015 at 1:08 AM, Lu, Boying <Boying.Lu@emc.com> wrote:
>
> Hi, All,
>
>
>
> Does anyone know the answer?
>
>
>
> Thanks a lot
>
>
>
> Boying
>
>
>
>
>
> *From:* Lu, Boying
> *Sent:* January 6, 2015 11:21
> *To:* user@cassandra.apache.org
> *Subject:* How to use cqlsh to access Cassandra DB if the
> client_encryption_options is enabled
>
>
>
> Hi, All,
>
>
>
> I turned on the dbclient_encryption_options like this:
>
> client_encryption_options:
>     enabled: true
>     keystore: path-to-my-keystore-file
>     keystore_password: my-keystore-password
>     truststore: path-to-my-truststore-file
>     truststore_password: my-truststore-password
>     …
>
>
>
> I can use the following cassandra-cli command to access the DB:
>
> cassandra-cli -ts path-to-my-truststore-file -tspw my-truststore-password
> -tf org.apache.cassandra.thrift.SSLTransportFactory
>
>
>
> But when I tried to access the DB by cqlsh like this:
>
> SSL_CERTFILE=path-to-my-truststore cqlsh -t
> cqlishlib.ssl.ssl_transport_factory
>
>
>
> I got the following error:
>
> Connection error: Could not connect to localhost:9160: [Errno 0]
> _ssl.c:332: error:00000000:lib(0):func(0):reason(0)
>
>
>
> I guess the reason may be that I didn’t provide the truststore password.
> But cqlsh doesn’t provide such an option.
>
>
>
> Does anyone know how to resolve this issue?
>
>
>
> Thanks
>
>
>
> Boying
>
>
>
>
>
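
The steps suggested in this thread (list the keystore's aliases, export one certificate with `-alias` and `-rfc`, confirm the result is PEM), as an added shell example that is not part of the original messages. It assumes a JKS keystore, English `keytool` output, and the keystore password in an environment variable named `KS_PASS`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. The keystore password is read from
# the environment variable KS_PASS (an assumed name) through keytool's ":env"
# modifier, so it does not show up in the process list or shell history.

# list_aliases KEYSTORE: print every alias in the keystore, one per line.
# Relies on the "Alias name: <alias>" lines of verbose English output.
list_aliases() {
    LC_ALL=C keytool -list -v -keystore "$1" -storetype JKS \
        -storepass:env KS_PASS 2>/dev/null | sed -n 's/^Alias name: //p'
}

# export_pem KEYSTORE ALIAS OUTFILE: export one certificate as PEM for cqlsh.
export_pem() {
    ks=$1
    entry=$2
    out=$3
    # Without -alias, keytool looks for the default alias "mykey", which is
    # the "Alias <mykey> does not exist" error quoted above. Check up front
    # and show what the keystore really contains.
    if ! list_aliases "$ks" | grep -Fxq -- "$entry"; then
        echo "alias '$entry' not found; keystore contains:" >&2
        list_aliases "$ks" >&2
        return 1
    fi
    # -rfc writes Base64 PEM instead of binary DER; the Python ssl module
    # used by cqlsh reads PEM, not a JKS keystore or truststore.
    keytool -exportcert -keystore "$ks" -storetype JKS \
        -storepass:env KS_PASS -alias "$entry" -rfc -file "$out" || return 1
    # Confirm the file parses as a PEM certificate and show what was exported.
    openssl x509 -in "$out" -inform PEM -noout -subject -enddate
}

# Usage: KS_PASS=... sh export_pem.sh KEYSTORE ALIAS OUTFILE
if [ "$#" -eq 3 ]; then
    export_pem "$1" "$2" "$3"
fi
```

The exported file is what `SSL_CERTFILE` or the cqlshrc file should point at; only the public certificate is exported, so the PEM file needs no password.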
