Re: [ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
+1. I recently discovered that a coworker had built, more or less, the same thing just a month or two ago for internal/testing uses. And I know I've seen/heard it elsewhere, so yeah, this would be great! On Monday, August 22, 2016, Nate McCall wrote: > > > Any reason to not include this in the docs/operating or as a utility in > repo > > > to make it easier for end users to find all information in one place? > Know > > > this has come up on other projects and we always fall into the same > > > search/reply trap as well > > > > No, if there were consensus that was worthwhile, I would have no > objections. > > > > It's worthwhile. I've had to do this a couple of times with different CM > systems as work-for-hire and it's always a PITA. A general purpose utility > would be awesome. >
Re: [ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
> > Any reason to not include this in the docs/operating or as a utility in repo > > to make it easier for end users to find all information in one place? Know > > this has come up on other projects and we always fall into the same > > search/reply trap as well > > No, if there were consensus that was worthwhile, I would have no objections. > It's worthwhile. I've had to do this a couple of times with different CM systems as work-for-hire and it's always a PITA. A general purpose utility would be awesome.
Re: [ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
+1 On Aug 22, 2016 9:51 PM, "Eric Evans" wrote: > On Mon, Aug 22, 2016 at 5:28 PM, Jake Farrell wrote: > > Any reason to not include this in the docs/operating or as a utility in > repo > > to make it easier for end users to find all information in one place? > Know > > this has come up on other projects and we always fall into the same > > search/reply trap as well > > No, if there were consensus that was worthwhile, I would have no > objections. > > > -- > Eric Evans > eev...@wikimedia.org >
Re: [ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
On Mon, Aug 22, 2016 at 5:28 PM, Jake Farrell wrote: > Any reason to not include this in the docs/operating or as a utility in repo > to make it easier for end users to find all information in one place? Know > this has come up on other projects and we always fall into the same > search/reply trap as well No, if there were consensus that was worthwhile, I would have no objections. -- Eric Evans eev...@wikimedia.org
Re: [ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
Great idea Eric Any reason to not include this in the docs/operating or as a utility in repo to make it easier for end users to find all information in one place? Know this has come up on other projects and we always fall into the same search/reply trap as well -Jake On Monday, August 22, 2016, Eric Evans wrote: > Hi, > > The topic of configuring encryption comes up fairly often, so I > thought I'd make available to others what we use at the Wikimedia > Foundation. > > https://github.com/eevans/cassandra-ca-manager > > It allows you to define a self-signed root CA, along with keys and > certs for each of your machines in a YAML manifest file. The script > reads the manifest and generates everything you need (including Java > keystore and truststore files), and drops them in a directory of your > choosing. > > It's nothing fancy, but it works pretty well, and beats looking up all > of the baroque commands once a year to do it manually. > > Cheers, > > -- > Eric Evans > john.eric.ev...@gmail.com >
[ANN]: Cert management with self-signed CA for Cassandra (and presumably other Java stuff)
Hi, The topic of configuring encryption comes up fairly often, so I thought I'd make available to others what we use at the Wikimedia Foundation. https://github.com/eevans/cassandra-ca-manager It allows you to define a self-signed root CA, along with keys and certs for each of your machines in a YAML manifest file. The script reads the manifest and generates everything you need (including Java keystore and truststore files), and drops them in a directory of your choosing. It's nothing fancy, but it works pretty well, and beats looking up all of the baroque commands once a year to do it manually. Cheers, -- Eric Evans john.eric.ev...@gmail.com