Reputation: 31
I'm new to Cassandra and just installed a DataStax Community Edition 3-node cluster in our QA environment. I'd like to secure node-to-node and client-to-node communications within my cluster using a GlobalSign wildcard SSL cert that I already have. So far I found posts showing how to secure a cluster using your own CA but wasn't able to find any mention of how to use wildcard certs. Basically, I'd like to install my wildcard cert on all nodes in the cluster and use DNS A-records to match node IP address and the DNS name (e.g. 10.100.1.1 > node01.domain.com).
Is that even possible? Any help is greatly appreciated!
Mike
Upvotes: 1
Reputation: 5249
Using anything but certificate pinning as described in the reference is insecure, as Cassandra will not validate if the hostname the certificate was created for is actually the host trying to connect. See CASSANDRA-9220 for details.
Upvotes: 1
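The distinction the answer draws, as an added example that is not part of the original posts: a simplified model of three peer-acceptance policies, showing why trusting a public CA without a hostname check accepts certificates that pinning rejects. The `Cert` class, the CA name, the "DER" bytes and the fingerprint allow-list are constructed assumptions; no real X.509 parsing or Cassandra code is involved.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for an X.509 certificate (constructed, not parsed)."""
    issuer: str
    dns_names: tuple
    der: bytes  # placeholder for the certificate's DER encoding

def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()

def chain_only(cert, trusted_issuers):
    """Truststore holds the CA; the peer's hostname is never compared."""
    return cert.issuer in trusted_issuers

def hostname_matches(pattern, host):
    """Wildcard allowed only as the whole left-most label, one label deep."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def chain_and_hostname(cert, trusted_issuers, peer_host):
    return chain_only(cert, trusted_issuers) and any(
        hostname_matches(name, peer_host) for name in cert.dns_names)

def pinned(cert, pins):
    """Accept only certificates whose exact fingerprint is on the allow-list."""
    return fingerprint(cert) in pins

# Constructed sample data: the cluster's wildcard cert and an unrelated
# certificate issued to someone else by the same public CA.
CA = "Example Public CA"
cluster = Cert(CA, ("*.domain.com",), b"constructed-der-cluster-wildcard")
other = Cert(CA, ("www.unrelated.example",), b"constructed-der-other-customer")
TRUSTED = {CA}
PINS = {fingerprint(cluster)}

def evaluate(cert, peer_host):
    return {
        "chain_only": chain_only(cert, TRUSTED),
        "chain_and_hostname": chain_and_hostname(cert, TRUSTED, peer_host),
        "pinned": pinned(cert, PINS),
    }

if __name__ == "__main__":
    for label, cert in (("cluster", cluster), ("other", other)):
        print(label, evaluate(cert, "node01.domain.com"))
```
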