Hi Evans,
   Rather than having one individual certificate for every node, we are
looking at getting one Comodo wild-card certificate and importing that
into the keystore, along with the intermediate CA provided by Comodo. As
far as the trust-store is concerned, we are looking at importing the
intermediate CA provided along with the signed wild-card cert by Comodo.

   So in this case we'll have just one keystore (generic) and one
truststore, which we'll be copying to all the nodes. We've run into issues,
however, and are trying to iron those out. Interested to know if anybody in
the community has taken a similar approach.

   We are pretty much going along the lines of the following post by LastPickle:
http://thelastpickle.com/blog/2015/09/30/hardening-cassandra-step-by-step-part-1-server-to-server.html.
Instead of creating our own CA, we are relying on Comodo.

Thanks,
Sai

On Wed, Sep 21, 2016 at 10:30 AM, Eric Evans <john.eric.ev...@gmail.com>
wrote:

> On Tue, Sep 20, 2016 at 12:57 PM, sai krishnam raju potturi
> <pskraj...@gmail.com> wrote:
> > Due to the security policies in our company, we were asked to use 3rd
> > party signed certs. Since we'll require to manage 100's of individual
> > certs, we wanted to know if there is a work around with a generic
> > keystore and truststore.
>
> Can you explain what you mean by "generic keystore"?  Are you looking
> to create keystores signed by a self-signed root CA (distributed via a
> truststore)?
>
> --
> Eric Evans
> john.eric.ev...@gmail.com
>
