What does this error mean?
This error means the hot reloading of an SSL certificate failed.
Why does this error occur?
SSL certificate hot reloading was added in CASSANDRA-14222, with several improvements since then. The SSL certificate hot reloading periodically (every 10 minutes, hard coded) checks whether the timestamps of keystore and truststore files for server and client encryption are changed, and if they are, recreates SSL context with the new keystore and truststore files. CASSANDRA-14991 added the improvement that before recreating SSL context, Cassandra performs the validation of those keystore and truststore files.
The error is logged when:
- there is an I/O or format problem with the keystore/truststore data
- the password was incorrect
- the algorithm used to check the integrity of the keystore cannot be found
- any of the certificates in the keystore/truststore could not be loaded
How do you fix this error?
Verify the password used is correct, and that all of the certificates are in the proper location for the keystone/truststore.