Enabling intra-node encryption

Summary

For intra-node replicated data, you can enable SSL between Apache Cassandra servers:

http://www.datastax.com/docs/1.1/configuration/node_configuration#encryption-options

You must also generate keys and provide the appropriate key and trust store locations and passwords.

Solution

To generate keys you do the following:

1. Generate a keystore and a truststore to manage your ssl keys and certificates.
Follow the instructions here:

http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

NOTE: The following steps need to be done on each node of your cluster

2. Place the two resulting files (keystore, truststore) from step 1. into the Cassandra configuration files directory, which for a packaged install should be /etc/dse/cassandra. 

http://www.datastax.com/docs/datastax_enterprise3.0/reference/reference_dse#packaged-install-locations

3. Edit encryption_options settings of cassandra.yaml, providing the correct locations and passwords for the keystore and truststore you setup in step 1. and enable the encryption.

4. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6:

http://www.oracle.com/technetwork/java/javase/downloads/index.html

5. Place the jar files from step 4. into the security folder for java, which is found here: $JAVA_HOME/jre/lib/security