cassandra-user mailing list archives

From Jai Bheemsen Rao Dhanwada <jaibheem...@gmail.com>
Subject Re: Cassandra Encryption
Date Tue, 22 Nov 2016 17:33:27 GMT
Thanks Nate and Vladimir,

I will give it a try.

On Tue, Nov 22, 2016 at 12:48 AM, Vladimir Yudovin <vladyu@winguzone.com>
wrote:

> > if I use the same certificate how does it help?
> This certificate will be recognized by all existing nodes, and no restart
> will be needed.
>
> Or, as Nate suggested, you can use a trusted root certificate to issue
> the nodes' certificates.
>
>
> Best regards, Vladimir Yudovin,
>
> *Winguzone <https://winguzone.com?from=list> - Hosted Cloud Cassandra*
> *Launch your cluster in minutes.*
>
>
> ---- On Tue, 22 Nov 2016 03:07:28 -0500 *Jai Bheemsen Rao Dhanwada
> <jaibheemsen@gmail.com>* wrote ----
>
> Yes, I am generating a separate certificate for each node.
> Even if I use the same certificate, how does it help?
>
> On Mon, Nov 21, 2016 at 9:02 PM, Vladimir Yudovin <vladyu@winguzone.com>
> wrote:
>
>
> Hi Jai,
>
> So do you generate a separate certificate for each node? Why not use one
> certificate for all nodes?
>
> Best regards, Vladimir Yudovin,
>
> *Winguzone <https://winguzone.com?from=list> - Hosted Cloud Cassandra*
> *Launch your cluster in minutes.*
>
>
> ---- On Mon, 21 Nov 2016 17:25:11 -0500 *Jai Bheemsen Rao Dhanwada
> <jaibheemsen@gmail.com>* wrote ----
>
> Hello,
>
> I am setting up encryption on one of my Cassandra clusters using the below
> procedure.
>
> server_encryption_options:
>     internode_encryption: all
>     keystore: /etc/keystore
>     keystore_password: xxxxx
>     truststore: /etc/truststore
>     truststore_password: xxxxx
>
> http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
>
> However, one difficulty with this approach is that whenever I am adding a new
> node I have to do a rolling restart of all the C* nodes in the cluster, so that
> the truststore is updated with the new server information.
>
> Is there a way to automatically trigger a reload so that the truststore is
> updated on the existing machines without a restart?
>
> Can someone please help?
>
>
>
>
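
The trusted-root approach mentioned in the thread, as an added example that is not part of the original messages: every node's truststore holds only the CA certificate, so a node issued later is accepted without editing the truststore on existing nodes. The CA name, file names, node names and store password are assumptions, and `build_stores` needs the JDK's `keytool`.

```shell
# Added example, not from the thread. Names, paths and passwords are placeholders.
set -eu

# One-time: create the cluster's private CA. $1 = working directory.
# Relies on the stock openssl.cnf marking a self-signed certificate as a CA.
# Keep ca.key off the Cassandra nodes; only ca.crt is distributed.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-cluster-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Per node: generate a key and have the CA sign it. $1 = directory, $2 = node name.
issue_node_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null
}

# The trust decision an existing node makes: does the peer chain to the CA?
node_is_trusted() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Package for server_encryption_options. $1 = directory, $2 = node name,
# $3 = store password (keytool requires at least 6 characters).
# The truststore is the same file on every node and contains only the CA;
# the keystore is per node and contains that node's key and certificate.
build_stores() {
  keytool -importcert -noprompt -alias cluster-ca -file "$1/ca.crt" \
    -keystore "$1/truststore" -storetype JKS -storepass "$3"
  openssl pkcs12 -export -name "$2" -inkey "$1/$2.key" -in "$1/$2.crt" \
    -certfile "$1/ca.crt" -passout "pass:$3" -out "$1/$2.p12"
  keytool -importkeystore -noprompt \
    -srckeystore "$1/$2.p12" -srcstoretype PKCS12 -srcstorepass "$3" \
    -destkeystore "$1/$2.keystore" -deststoretype JKS -deststorepass "$3"
}
```

Run `make_ca` once, then `issue_node_cert` and `build_stores` for each node, and point `keystore` and `truststore` in `server_encryption_options` at the resulting files.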
