tagsense

Reputation: 81

Connecting to Cassandra (2.1.0) over SSL from cqlsh

I have Cassandra 2.1.0 running on Debian 7.6.0 and cqlsh running on the same machine. When I try to connect through cqlsh,

$ /usr/local/cassandra-2.1.0/bin/cqlsh --ssl --debug

I get the following error message:

Using CQL driver: <module 'cassandra' from '/usr/local/cassandra-2.1.0/bin/../lib/cassandra-driver-internal-only-2.1.0.post.zip/cassandra-driver-2.1.0.post/cassandra/__init__.py'>
Connection error: ('Unable to connect to any servers', {'127.0.0.1': SSLError(0, '_ssl.c:340: error:00000000:lib(0):func(0):reason(0)')})

The details are as follows. Please let me know how to resolve this issue. Thanks in advance.

Server side

As explained in (http://www.datastax.com/documentation/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html), I have generated a keystore and have modified cassandra.yaml as follows:

client_encryption_options:
    enabled: true
    keystore: /usr/local/cassandra-2.1.0/ssl/.keystore
    keystore_password: ***********

I have exported the public key of the server.

Client side

Copied the public key exported from the previous step into ~/keys/cassandra_node0.cert. Modified ~/.cassandra/cqlshrc as follows:

[connection]
hostname = 127.0.0.1
port = 9042
factory = cqlshlib.ssl.ssl_transport_factory

[tracing]
max_trace_wait = 10.0

[ssl]
certfile = ~/keys/cassandra_node0.cert
validate = true

Upvotes: 3

Views: 3101

Answers (1)

Leonid Mirsky

Reputation: 831

I had the same issue

Although you have probably found the solution by now, I think it can be beneficial to record the solution for other people.

I followed the documentation from here to create a .pem certificate.

My cqlshrc ssl configuration looks as follows:

[ssl]
certfile = /ssl/cqlsh.pem
validate = false

That worked for me.

As with all SSL-related topics in Cassandra's documentation, this part isn't covered well enough.

Upvotes: 5
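
A check on the [ssl] section shown in the question and the answer, as an added example that is not part of either post: it flags validate = false, which leaves the server certificate unchecked, and a certfile that is not PEM-encoded, the form Python's ssl module expects for a CA file. The function names, the read_file hook and the sample bytes are assumptions constructed for illustration; the page does not establish that a DER-encoded export caused the error in the question.

```python
import configparser
import os
import ssl

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def cert_encoding(data):
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if PEM_MARKER in data:
        return "pem"
    if data[:1] == b"\x30":  # DER certificates begin with an ASN.1 SEQUENCE tag
        return "der"
    return "unknown"

def der_to_pem(data):
    """Re-encode DER bytes as PEM (base64 between BEGIN/END CERTIFICATE lines)."""
    return ssl.DER_cert_to_PEM_cert(data).encode("ascii")

def audit_ssl_section(cqlshrc_text, read_file=None):
    """Return a list of findings for the [ssl] section of a cqlshrc file."""
    # Hypothetical hook: lets callers (and tests) supply file contents directly.
    read_file = read_file or (lambda p: open(os.path.expanduser(p), "rb").read())
    cfg = configparser.ConfigParser()
    cfg.read_string(cqlshrc_text)
    if not cfg.has_section("ssl"):
        return ["no [ssl] section"]
    findings = []
    if cfg.get("ssl", "validate", fallback="").strip().lower() == "false":
        findings.append("validate = false: encrypted, but server certificate is not checked")
    certfile = cfg.get("ssl", "certfile", fallback=None)
    if certfile is None:
        return findings + ["no certfile set"]
    try:
        encoding = cert_encoding(read_file(certfile))
    except OSError as exc:
        return findings + ["certfile unreadable: %s" % exc]
    if encoding != "pem":
        findings.append("certfile is %s, not PEM" % encoding)
    return findings

# Constructed sample input: DER-shaped bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x04" + b"\x01\x02\x03\x04"
SAMPLE_RC = "[ssl]\ncertfile = ~/keys/cassandra_node0.cert\nvalidate = true\n"

if __name__ == "__main__":
    print(audit_ssl_section(SAMPLE_RC, read_file=lambda p: SAMPLE_DER))
    print(audit_ssl_section(SAMPLE_RC, read_file=lambda p: der_to_pem(SAMPLE_DER)))
```
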
