Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Since I don't know what's in your keystore, or how it was generated, I don't know how much help I can be.

You probably need -alias <something> on the command line, and make sure a cert by the name <something> exists in your keystore. You can use keytool -list ... to examine the contents.

Adam Holmberg

On Mon, Feb 2, 2015 at 4:15 AM, Lu, Boying boying...@emc.com wrote:

> Hi, Holmberg,
>
> I tried your suggestion and ran the following command:
>
>     keytool -exportcert -keystore path-to-my-keystore-file -storepass my-keystore-password -storetype JKS -file path-to-outptfile
>
> and I got the following error:
>
>     keytool error: java.lang.Exception: Alias mykey does not exist
>
> Do you know how to fix this issue?
>
> Thanks
>
> Boying
RE: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Thanks a lot. I think I need the ‘-alias’ option.

From: Adam Holmberg [mailto:adam.holmb...@datastax.com]
Sent: February 4, 2015 23:17
To: user@cassandra.apache.org
Subject: Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled

Since I don't know what's in your keystore, or how it was generated, I don't know how much help I can be.

You probably need -alias <something> on the command line, and make sure a cert by the name <something> exists in your keystore. You can use keytool -list ... to examine the contents.

Adam Holmberg
RE: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Hi, Holmberg,

I tried your suggestion and ran the following command:

    keytool -exportcert -keystore path-to-my-keystore-file -storepass my-keystore-password -storetype JKS -file path-to-outptfile

and I got the following error:

    keytool error: java.lang.Exception: Alias mykey does not exist

Do you know how to fix this issue?

Thanks

Boying

From: Adam Holmberg [mailto:adam.holmb...@datastax.com]
Sent: January 31, 2015 1:12
To: user@cassandra.apache.org
Subject: Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled

Assuming the truststore you are referencing is the same one the server is using, it's probably in the wrong format. You will need to export the cert into a PEM format for use in the (Python) cqlsh client. If exporting from the java keystore format, use

    keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>

If you have the crt file, you should be able to accomplish the same using openssl:

    openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM

Then, you should refer to that PEM file in your command. Alternatively, you can specify a path to the file (along with other options) in your cqlshrc file.

References:

How cqlsh picks up ssl options
https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py

Example cqlshrc file
https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample

Adam Holmberg
RE: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Thanks a lot ;) I’ll try your suggestions.

From: Adam Holmberg [mailto:adam.holmb...@datastax.com]
Sent: January 31, 2015 1:12
To: user@cassandra.apache.org
Subject: Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled

Assuming the truststore you are referencing is the same one the server is using, it's probably in the wrong format. You will need to export the cert into a PEM format for use in the (Python) cqlsh client. If exporting from the java keystore format, use

    keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>

If you have the crt file, you should be able to accomplish the same using openssl:

    openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM

Then, you should refer to that PEM file in your command. Alternatively, you can specify a path to the file (along with other options) in your cqlshrc file.

References:

How cqlsh picks up ssl options
https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py

Example cqlshrc file
https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample

Adam Holmberg
Re: FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Assuming the truststore you are referencing is the same one the server is using, it's probably in the wrong format. You will need to export the cert into a PEM format for use in the (Python) cqlsh client. If exporting from the java keystore format, use

    keytool -exportcert <source keystore, pass, etc> -rfc -file <output file>

If you have the crt file, you should be able to accomplish the same using openssl:

    openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM

Then, you should refer to that PEM file in your command. Alternatively, you can specify a path to the file (along with other options) in your cqlshrc file.

References:

How cqlsh picks up ssl options
https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py

Example cqlshrc file
https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample

Adam Holmberg

On Wed, Jan 28, 2015 at 1:08 AM, Lu, Boying boying...@emc.com wrote:

> Hi, All,
>
> Does anyone know the answer?
>
> Thanks a lot
>
> Boying
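The format mismatch described in the reply above, as an added example that is not part of the original thread: a standard-library Python check that tells a Java keystore apart from the PEM or DER certificate file that Python's ssl module can work with, and converts DER to PEM. The function names and the sample byte strings are constructed for illustration.

```python
import ssl

JKS_MAGIC = bytes.fromhex("feedfeed")    # header of a JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")  # header of a JCEKS keystore
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample inputs (not real keystores or certificates).
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8
SAMPLE_DER = b"\x30\x82\x00\x04" + b"\x01\x02\x03\x04"


def classify_cert_file(data: bytes) -> str:
    """Classify raw file bytes as 'jks', 'jceks', 'pem', 'der' or 'unknown'."""
    if data[:4] == JKS_MAGIC:
        return "jks"
    if data[:4] == JCEKS_MAGIC:
        return "jceks"
    if PEM_MARKER in data:
        return "pem"
    # DER starts with an ASN.1 SEQUENCE tag (a PKCS#12 store does too).
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


def to_pem(data: bytes) -> str:
    """Return PEM text for a PEM or DER certificate; reject Java keystores."""
    kind = classify_cert_file(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    if kind in ("jks", "jceks"):
        raise ValueError("Java keystore: export the cert with keytool -exportcert ... -rfc")
    raise ValueError("unrecognised certificate file format")


if __name__ == "__main__":
    for name, blob in (("keystore", SAMPLE_JKS), ("crt", SAMPLE_DER)):
        print(name, "->", classify_cert_file(blob))
    print(to_pem(SAMPLE_DER))
```

Running the classifier on the file named in SSL_CERTFILE shows at a glance whether it is still a keystore that needs the keytool export first.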
FW: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Hi, All,

Does anyone know the answer?

Thanks a lot

Boying

From: Lu, Boying
Sent: January 6, 2015 11:21
To: user@cassandra.apache.org
Subject: How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled

Hi, All,

I turned on the dbclient_encryption_options like this:

    client_encryption_options:
        enabled: true
        keystore: path-to-my-keystore-file
        keystore_password: my-keystore-password
        truststore: path-to-my-truststore-file
        truststore_password: my-truststore-password
        …

I can use the following cassandra-cli command to access DB:

    cassandra-cli -ts path-to-my-truststore-file -tspw my-truststore-password -tf org.apache.cassandra.thrift.SSLTransportFactory

But when I tried to access DB by cqlsh like this:

    SSL_CERTFILE=path-to-my-truststore cqlsh -t cqlishlib.ssl.ssl_transport_factory

I got the following error:

    Connection error: Could not connect to localhost:9160: [Errno 0] _ssl.c:332: error::lib(0):func(0):reason(0)

I guess the reason may be that I didn’t provide the truststore password. But cqlsh doesn’t provide such an option.

Does anyone know how to resolve this issue?

Thanks

Boying
How to use cqlsh to access Cassandra DB if the client_encryption_options is enabled
Hi, All,

I turned on the dbclient_encryption_options like this:

    client_encryption_options:
        enabled: true
        keystore: path-to-my-keystore-file
        keystore_password: my-keystore-password
        truststore: path-to-my-truststore-file
        truststore_password: my-truststore-password
        ...

I can use the following cassandra-cli command to access DB:

    cassandra-cli -ts path-to-my-truststore-file -tspw my-truststore-password -tf org.apache.cassandra.thrift.SSLTransportFactory

But when I tried to access DB by cqlsh like this:

    SSL_CERTFILE=path-to-my-truststore cqlsh -t cqlishlib.ssl.ssl_transport_factory

I got the following error:

    Connection error: Could not connect to localhost:9160: [Errno 0] _ssl.c:332: error::lib(0):func(0):reason(0)

I guess the reason may be that I didn't provide the truststore password. But cqlsh doesn't provide such an option.

Does anyone know how to resolve this issue?

Thanks

Boying