Support Policy      Security Notices
  1. DataStax Support
  2. DataStax Enterprise
  3. General

Enabling intra-node encryption

Follow

Summary

For intra-node replicated data, you can enable SSL between Apache Cassandra servers:

http://www.datastax.com/docs/1.1/configuration/node_configuration#encryption-options


You must also generate keys and provide the appropriate key and trust store locations and passwords.

Solution

To generate keys you do the following:

1. Generate a keystore and a truststore to manage your ssl keys and certificates.
Follow the instructions here:

http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

 

NOTE: The following steps need to be done on each node of your cluster

2. Place the two resulting files (keystore, truststore) from step 1. into the Cassandra configuration files directory, which for a packaged install should be /etc/dse/cassandra. 

http://www.datastax.com/docs/datastax_enterprise3.0/reference/reference_dse#packaged-install-locations

3. Edit encryption_options settings of cassandra.yaml, providing the correct locations and passwords for the keystore and truststore you setup in step 1. and enable the encryption.

4. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6:

http://www.oracle.com/technetwork/java/javase/downloads/index.html

5. Place the jar files from step 4. into the security folder for java, which is found here: $JAVA_HOME/jre/lib/security

Jeremiah Jordan
Created: 2013-01-10 17:11:44 UTC
Last Update: 2017-07-14 23:41:04 UTC

Related articles

Comments

0 comments

Please sign in to leave a comment.