Hi Sai,

I would recommend following the approach described in this article via The
Last Pickle: http://thelastpickle.com/blog/2015/09/30/hardening-cassandra

It does a really good job of laying out a strategy for internode encryption
by rolling your own CA and trusting it instead of individual certificates
for each node:

Now this is where it all comes together. Since all of our instance-specific
> keys have now been signed by the CA, we can share this trust store instance
> across the cluster as it effectively just says ā€œIā€™m going to trust all
> connections whose client certificates were signed by this CA.ā€


On Tue, Sep 20, 2016 at 12:20 PM, sai krishnam raju potturi <
pskraj...@gmail.com> wrote:

> hi;
>   has anybody enabled SSL using a generic keystore for node-to-node
> encryption. We're using 3rd party signed certificates, and want to avoid
> the hassle of managing 100's of certificates.
> thanks
> Sai


[image: DataStaxLogo copy3.png] <http://www.datastax.com/>

Andrew Tolbert

Software Engineer in Test | (612)-222-6271 | andrew.tolb...@datastax.com

<https://www.facebook.com/datastax> <https://twitter.com/datastax>
<http://feeds.feedburner.com/datastax> <https://github.com/datastax/>

Reply via email to