[
https://issues.apache.org/jira/browse/CASSANDRA-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588879#comment-13588879
]
Ryan McGuire commented on CASSANDRA-5120:
-----------------------------------------
Given that cqlsh doesn't have the capability to use client certificates, I was
curious if I could jury rig it through stunnel. Looks like it works.
My stunnel config:
{code}
client = yes
cert = client.pem
foreground = yes
debug = 7
pid = /tmp/stunnel-client.pid
[cqlsh]
accept = 9161
connect = 127.0.0.1:9160
{code}
This creates a clear text port 9161 that tunnels through to Cassandra's SSL
encrypted port 9160. You start stunnel with that config and then use cqlsh
connecting to port 9161:
{code}
$ CQLSH_PORT=9161 cqlsh
Connected to ssl at 127.0.0.1:9161.
[cqlsh 2.3.0 | Cassandra 1.2.2-SNAPSHOT | CQL spec 3.0.0 | Thrift protocol 19.35.0]
Use HELP for help.
cqlsh>
{code}
> Add support for SSL sockets to use client certificate authentication.
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-5120
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5120
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Affects Versions: 1.2.0
> Reporter: Steven Franklin
> Assignee: Aleksey Yeschenko
> Priority: Minor
> Fix For: 1.2.1
>
> Attachments: trunk-5120.txt
>
>
> Add an option to EncryptionOptions to require client certificate
> authentication.
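
A tightened variant of the stunnel client config from the comment above, as an added example that is not part of the original comment or of the Cassandra project. With only a port number, `accept` listens on all local addresses, so any host that can reach 9161 gets a cleartext connection that stunnel authenticates with client.pem; and without `verify` and `CAfile`, stunnel does not validate the server's certificate. `ca.pem` is an assumed file name for the CA that signed Cassandra's server certificate.

```ini
; Added example, not from the original comment.
client = yes

; Client certificate (and key) presented to Cassandra, as in the comment.
cert = client.pem

; Assumption: ca.pem holds the CA certificate that signed Cassandra's
; server certificate. The file name is hypothetical.
CAfile = ca.pem

; Refuse the connection unless the server's certificate chain validates
; against CAfile. stunnel performs no verification by default.
verify = 2

foreground = yes
debug = 7
pid = /tmp/stunnel-client.pid

[cqlsh]
; Bind the cleartext side to loopback only, so the tunnel (and the
; client-certificate identity behind it) is not reachable from other hosts.
accept = 127.0.0.1:9161
connect = 127.0.0.1:9160
```

Local users on the same machine can still connect to 127.0.0.1:9161 and inherit the certificate's identity, so this setup fits a single-user workstation rather than a shared host.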