[
https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-7528:
----------------------------------------
Attachment: 7528.txt
Patch to log a warning for any expired certs the first time an ssl context is
requested (ie, at startup)
> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
> Key: CASSANDRA-7528
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Environment: Amazon Linux on various AWS EC2 instance types.
> Reporter: Joseph Clark
> Assignee: Brandon Williams
> Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode
> encryption. Add the private key to the specified .keystore, and an expired
> certificate generated using the private key to the specified truststore. The
> same keys are used far all cassandra nodes in the cluster.
> When cassandra is started, it is able to communicate with other cassandra
> nodes even though the certificate is expired.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
