CODEWITHSUNDEEP
pythoncassandra
jtcloud
jtcloud

Reputation: 559

How to use the Python driver for Cassandra to connect to the cluster with keystore and truststore files?

I can use keystore and trustore files with the password string to connect to Datastax Dev Center. However, I looked around the internet but there's no documentation about how to use these files with the Python driver for Cassandra. Everything is about certificate and keystore files only.

I get the error "ssl:3517" when connecting to the host.

Upvotes: 0

Views: 732

Answers (1)

Alex Ott
Alex Ott

Reputation: 87119

Python driver doesn't work with keystore/trustore yet (they are Java-specific). You need to export your certificate and key from these files into PEM format, and connect as described in documentation:

from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1, CERT_REQUIRED

ssl_opts = {
    'ca_certs': '/path/to/my/ca.certs',
    'ssl_version': PROTOCOL_TLSv1,
    'cert_reqs': CERT_REQUIRED  # Certificates are required and validated
}
cluster = Cluster(ssl_options=ssl_opts)

if cluster has client's certificate check enabled, then you need to specify keyfile and certfile parameters in the ssl_opts dictionary, passing the path to key and certificate files. See python's documentation for all available options.

You can extract data from keystore and convert into supported PEM format with something like this:

keytool -importkeystore -srckeystore myapp.jks -destkeystore myapp.p12 \
  -srcalias myapp-dev -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in myapp.p12 -out myapp.pem

Upvotes: 3

Related Questions