[ https://issues.apache.org/jira/browse/CASSANDRA-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588879#comment-13588879 ]
Ryan McGuire commented on CASSANDRA-5120:
-----------------------------------------

Given that cqlsh doesn't have the capability to use client certificates, I was curious if I could jury rig it through stunnel. Looks like it works. My stunnel config:

{code}
client = yes
cert = client.pem
foreground = yes
debug = 7
pid = /tmp/stunnel-client.pid

[cqlsh]
accept = 9161
connect = 127.0.0.1:9160
{code}

This creates a clear text port 9161 that tunnels through to Cassandra's SSL encrypted port 9160. You start stunnel with that config and then use cqlsh connecting to port 9161:

{code}
$ CQLSH_PORT=9161 cqlsh
Connected to ssl at 127.0.0.1:9161.
[cqlsh 2.3.0 | Cassandra 1.2.2-SNAPSHOT | CQL spec 3.0.0 | Thrift protocol 19.35.0]
Use HELP for help.
cqlsh>
{code}

> Add support for SSL sockets to use client certificate authentication.
> ---------------------------------------------------------------------
>
>                 Key: CASSANDRA-5120
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5120
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.2.0
>            Reporter: Steven Franklin
>            Assignee: Aleksey Yeschenko
>            Priority: Minor
>             Fix For: 1.2.1
>
>         Attachments: trunk-5120.txt
>
>
> Add an option to EncryptionOptions to require client certificate
> authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
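Added example, not part of the original comment or of the Cassandra or stunnel projects: a small Python check that reads a stunnel client config like the one above and reports two things a reviewer would look at before relying on such a tunnel. These are whether the clear text accept port is bound to loopback only, and whether the server certificate is verified (stunnel's verify, verifyChain or verifyPeer options). The function names and finding labels are made up for this example.

```python
import ipaddress

# Constructed sample: the client-mode settings from the comment above
# (foreground/debug/pid omitted; they do not affect these checks).
POSTED = """\
client = yes
cert = client.pem
[cqlsh]
accept = 9161
connect = 127.0.0.1:9160
"""

def parse_stunnel(text):
    """Return (global_opts, {service_name: opts}); keys lowercased for lookup."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or ';' comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            (glob if cur is None else cur)[key.lower()] = val
    return glob, services

def is_loopback(accept):
    """True only when accept names an explicit loopback host."""
    host, sep, _port = accept.rpartition(":")
    if not sep:
        return False   # bare port: stunnel listens on all local IPv4 addresses
    host = host.strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return sorted (service, finding) pairs for client-mode services."""
    glob, services = parse_stunnel(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}   # global section supplies service defaults
        if eff.get("client", "no").lower() != "yes":
            continue
        if not is_loopback(eff.get("accept", "")):
            findings.append((name, "accept-not-loopback"))
        level = eff.get("verify", "0")
        if not (level.isdigit() and int(level) >= 2) and \
           "yes" not in (eff.get("verifychain"), eff.get("verifypeer")):
            findings.append((name, "server-cert-not-verified"))
    return sorted(findings)
```

Even with the accept port bound to 127.0.0.1, every local user who can reach it connects to Cassandra under the tunnel's client certificate, so the tunnel host itself needs to be restricted.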