cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vladimir Yudovin <vla...@winguzone.com>
Subject Re: JConsole Support for SSL in C* 2.0
Date Wed, 12 Oct 2016 13:05:41 GMT
Hi,



I didn't try, but I guess it's possible.



Look at conf/cassandra-env.sh in latest versions:



  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"

#  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStore=/path/to/keystore"

#  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.keyStorePassword=&lt;keystore-password&gt;"

#  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStore=/path/to/truststore"

#  JVM_OPTS="$JVM_OPTS -Djavax.net.ssl.trustStorePassword=&lt;truststore-password&gt;"

#  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true"

#  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.registry.ssl=true"

#  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.protocols=&lt;enabled-protocols&gt;"

#  JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl.enabled.cipher.suites=&lt;enabled-cipher-suites&gt;"




You see ssl and keystore options.



The same in 2.0.17, the only SSL option is:

JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"



Though this config file fo version 2.0 doesn't contain keystore options I think it's worth
to try to add them in v2.0. enable SSL and check whether it works.





Best regards, Vladimir Yudovin, 

Winguzone - Hosted Cloud Cassandra on Azure and SoftLayer.
Launch your cluster in minutes.





---- On Wed, 12 Oct 2016 08:08:34 -0400Amit Singh F &lt;amit.f.singh@ericsson.com&gt;
wrote ----




Hi All,

 

I was looking through the documentation of Security in C* 2.0, I noticed that there is no
such mention of Jconsole over SSL whereas in latest 3.x doc, I can spot that :

 

http://docs.datastax.com/en/cassandra_win/3.0/cassandra/configuration/secureJconsoleSSL.html

 

so what I can infer from this is that only in C* 3.x, we can secure Jconsole over SSL?

Also in C* 2.0 , SSL can only be used by clients except nodetool,jconsole ?

 

Please correct me if I am on wrong way .

 

Regards

Amit Singh

Datastax Certified Developer








Mime
View raw message