From user-return-36376-apmail-cassandra-user-archive=cassandra.apache.org@cassandra.apache.org Thu Sep 5 18:09:12 2013 Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0DD4F103F6 for ; Thu, 5 Sep 2013 18:09:12 +0000 (UTC) Received: (qmail 38731 invoked by uid 500); 5 Sep 2013 18:09:09 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 38714 invoked by uid 500); 5 Sep 2013 18:09:09 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 38705 invoked by uid 99); 5 Sep 2013 18:09:08 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Sep 2013 18:09:08 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rwagner@eruces.com designates 209.85.128.171 as permitted sender) Received: from [209.85.128.171] (HELO mail-ve0-f171.google.com) (209.85.128.171) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Sep 2013 18:09:01 +0000 Received: by mail-ve0-f171.google.com with SMTP id pa12so1534623veb.30 for ; Thu, 05 Sep 2013 11:08:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:mime-version:thread-index:date:message-id :subject:to:content-type; bh=c/LdXd+zbJTRvDKndmiwzqAgK03aSsRjAxs0lba/AA4=; b=Hc95Syi9mFzSXhakLyNM6i3eH1QB82IBZVUdb3qyqEmm/v/jI9zMqnd7pGaxQueQPj GRB2YV2uiTgM7av8X1Y+7V1BJq6a50qKU4Zz1b7/Y1Gm35B/FZA1idRb9UJb2JinKLuI VusW6Q8fPsLXhdHYU+P5CNBixLjuR1JL04qjNbzwXqWOFLWdR8aeofUjQnPLirnp2oPh JsSUC8uCfPfrdakUCkkriDdWhjMN5l/HoSM08J7gzL2tREksR2r6ZGsvJB20X8PSL8kx DIcEqv/c1ayUrHaga4sJSn4VYTd9uXya5APo2ZtXxpEJ06D0UHQsn6RdrGegv1nDulz7 7vqw== X-Gm-Message-State: ALoCoQnvThCLUr5wWIZVJMHC8g7wdwbmdV3sq3WpdGm6U/fpSqiE/4NpRw/+hf9kOUKf3O1GVslN X-Received: by 10.52.117.68 with SMTP id kc4mr3493460vdb.0.1378404521085; Thu, 05 Sep 2013 11:08:41 -0700 (PDT) From: Robert Wagner MIME-Version: 1.0 X-Mailer: Microsoft Outlook 14.0 Thread-Index: Ac6qYykYvqbjADVNRnWZ1U8aMq+y1A== Date: Thu, 5 Sep 2013 13:10:59 -0500 Message-ID: Subject: Client SSL - cassandra-cli -OK, cqlsh -Problem To: user@cassandra.apache.org Content-Type: multipart/alternative; boundary=bcaec5486672d61d8d04e5a6cf74 X-Virus-Checked: Checked by ClamAV on apache.org --bcaec5486672d61d8d04e5a6cf74 Content-Type: text/plain; charset=ISO-8859-1 I am having a problem connecting via SSL using cqlsh. If I try with the cassandra-cli command: cassandra-cli -ts /etc/cassandra/conf/.truststore -tspw -h -p 9160 -tf org.apache.cassandra.cli.transport.SSLTransportFactory it connects fine. If I try with cqlshrc [root@ccluster1 ~]# more .cqlshrc [connection] hostname = port = 9160 factory = cqlshlib.ssl.ssl_transport_factory [ssl] certfile = /bucket/cassandra/certs/myusercert.cer validate = true ## Optional, true by default. I get: Connection error: Could not connect to :9160 I don't see a method for pointing to the truststore using the cqlshrc file or providing the truststore password. Typically, the client has to trust the server's SSL cert somehow. Maybe I am missing something in setting up the client environment? Robert Wagner --bcaec5486672d61d8d04e5a6cf74 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

I am having a problem connecting via SSL using cq= lsh. If I try with the cassandra-cli command:

cassandra-cli -ts /etc/= cassandra/conf/.truststore -tspw <password> -h <host> -p 9160 -= tf org.apache.cassandra.cli.transport.SSLTransportFactory

it connects fine. If I try with cqlshrc

[root@ccluster1 ~]# more .= cqlshrc
[connection]
hostname =3D <host>
port =3D 9160
fa= ctory =3D cqlshlib.ssl.ssl_transport_factory

[ssl]
certfile =3D /b= ucket/cassandra/certs/myusercert.cer
validate =3D true ## Optional, true by default.

I get: Connection err= or: Could not connect to <host>:9160
I don't see a method for = pointing to the truststore using the cqlshrc file or providing the truststo= re password. Typically, the client has to trust the server's SSL cert s= omehow. Maybe I am missing something in setting up the client environment? =

=A0

=A0

Robert Wagner

=A0

--bcaec5486672d61d8d04e5a6cf74--