DataStax Help Center

Working ~/.cqlshrc file to enable cqlsh connection to cluster when client-to-node encryption is enabled

; Licensed to the Apache Software Foundation (ASF) under one
; or more contributor license agreements. See the NOTICE file
; distributed with this work for additional information
; regarding copyright ownership. The ASF licenses this file
; to you under the Apache License, Version 2.0 (the
; "License"); you may not use this file except in compliance
; with the License. You may obtain a copy of the License at
; Unless required by applicable law or agreed to in writing,
; software distributed under the License is distributed on an
; KIND, either express or implied. See the License for the
; specific language governing permissions and limitations
; under the License.
; Sample ~/.cqlshrc file with SSL configuration.

;username = fred
;password = !!bang!!$

hostname =
port = 9160
factory = cqlshlib.ssl.ssl_transport_factory

;certfile = ~/keys/cassandra.cert
; optional - true by default.
validate = false

; optional section, overrides default certfile in [ssl] section, if present
[certfiles] = /etc/dse/cassandra/conf/dsenode0.cer = /etc/dse/cassandra/conf/dsenode1.cer = /etc/dse/cassandra/conf/dsenode2.cer
; vim: set ft=dosini :


In the docs and the comments for the file it states that the optional [certfiles] section will override the [ssl] section.  I found this not to be the case at least in the DSE 3.1.x test environment:

IOError: Certificate Authority ca_certs file "/root/keys/cassandra.cert" is not readable, cannot validate SSL certificates.

Once you comment out the first two lines and change validate=false, cqlsh will work.  Of course you must install the appropriate cert files onto the client machine and point the .cqlshrc to the correct location as well.  The .cqlshrc file goes into the home directory of the user you will be using to run cqlsh.


Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk