Re: Cassandra Encryption

2016-11-22 Thread Jai Bheemsen Rao Dhanwada
Thanks Nate and Vladimir, I will give it a try. On Tue, Nov 22, 2016 at 12:48 AM, Vladimir Yudovin wrote: > >if I use the same certificate how does it helps? > This certificate will be recognized by all existing nodes, and no restart > will be needed. > > Or, as Nate

Re: Cassandra Encryption

2016-11-22 Thread Vladimir Yudovin
if I use the same certificate how does it helps? This certificate will be recognized by all existing nodes, and no restart will be needed. Or, as Nate suggested, you can use trusted root certificate to issue nodes' certificates. Best regards, Vladimir Yudovin, Winguzone - Hosted Cloud

Re: Cassandra Encryption

2016-11-22 Thread Nate McCall
You should be using a root certificate for signing all the node certificates to create a trust chain. That way nodes won't have to explicitly know about each other, only the root certificate. This post has some details:

Re: Cassandra Encryption

2016-11-22 Thread Jai Bheemsen Rao Dhanwada
yes, I am generating separate certificate for each node. even if I use the same certificate how does it helps? On Mon, Nov 21, 2016 at 9:02 PM, Vladimir Yudovin wrote: > Hi Jai, > > so do you generate separate certificate for each node? Why not use one > certificate for

Re: Cassandra Encryption

2016-11-21 Thread Vladimir Yudovin
Hi Jai, so do you generate separate certificate for each node? Why not use one certificate for all nodes? Best regards, Vladimir Yudovin, Winguzone - Hosted Cloud Cassandra Launch your cluster in minutes. On Mon, 21 Nov 2016 17:25:11 -0500Jai Bheemsen Rao Dhanwada

Cassandra Encryption

2016-11-21 Thread Jai Bheemsen Rao Dhanwada
Hello, I am setting up encryption on one of my cassandra cluster using the below procedure. server_encryption_options: internode_encryption: all keystore: /etc/keystore keystore_password: x truststore: /etc/truststore truststore_password: x