Hi Sai,

I would recommend following the approach described in this article via The
Last Pickle:
http://thelastpickle.com/blog/2015/09/30/hardening-cassandra-step-by-step-part-1-server-to-server.html

It does a really good job of laying out a strategy for internode encryption
by rolling your own CA and trusting it instead of individual certificates
for each node:

> Now this is where it all comes together. Since all of our instance-specific
> keys have now been signed by the CA, we can share this trust store instance
> across the cluster as it effectively just says “I’m going to trust all
> connections whose client certificates were signed by this CA.”

Thanks,
Andy

On Tue, Sep 20, 2016 at 12:20 PM, sai krishnam raju potturi <
pskraj...@gmail.com> wrote:

> hi;
>   has anybody enabled SSL using a generic keystore for node-to-node
> encryption. We're using 3rd party signed certificates, and want to avoid
> the hassle of managing 100's of certificates.
>
> thanks
> Sai
>



-- 


Andrew Tolbert

Software Engineer in Test | (612)-222-6271 | andrew.tolb...@datastax.com

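The trust model recommended in the reply above, as an added example that is not part of the original message or the linked article: one CA signs each node's certificate, and a single shared trust file containing only that CA accepts every node while rejecting a certificate issued by any other CA. It assumes `openssl` is installed and uses a PEM file as a stand-in for the JKS truststore; the names `cluster-ca`, `other-ca`, `node1`, `node2` and `outsider` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (constructed): one CA signs every node certificate, and a
# single shared trust file holding only that CA validates all of them.
# A PEM file stands in for the JKS truststore; all names are hypothetical.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config so the CA certificate is marked CA:TRUE.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_node CA NODE: create a node key and CSR, then sign the CSR with CA.
issue_node() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.crt" 2>/dev/null
}

# trusted CA NODE: succeed only if NODE's certificate chains to CA.
trusted() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca cluster-ca && make_ca other-ca
issue_node cluster-ca node1
issue_node cluster-ca node2
issue_node other-ca outsider      # signed by a CA the cluster does not trust
for n in node1 node2 outsider; do
  if trusted cluster-ca "$n"; then echo "$n: accepted"; else echo "$n: rejected"; fi
done
```

Because the shared trust file accepts anything the CA has signed, the CA private key becomes the asset to protect: keep it off the cluster nodes and distribute only the CA certificate.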
