I had the following writeup when i did the KS and TS creation... Hope this
helps
*Step 1:* Download your Organisation Cert/Cert Chain/Generate one.
*Step 2:* Login to any of one machine do the following to create p12
# openssl pkcs12 -export -in cassandra-app.cert -inkey cassandra-app.key
-certfile cassandra-app.cert -name "cassandra-app" -out cassandra-app.p12
*Step 3:* now you can create the Keystore
# keytool -importkeystore -srckeystore cassandra-app.p12 -srcstoretype
pkcs12 -destkeystore cassandra-app.jks -deststoretype JKS
- You might need the password at this stage.
*Step 4:* List to make sure you have the right one.
# keytool -list -v -keystore cassandra-app.jks -storepass <Password>
*
*
*TrustStore:*
*Step 1:* Download the certificate chain from perforce.
Do all the steps as above and you have a trust store (Name it sensibly
to differentiate in the future)
keytool -import -keystore cassandra-app.truststore -file ca.pem -alias
cassandra-app -storepass <diffrent pass>
*Finally:* Checkin the files into conf dir in Perforce.
*Open Yaml File:*
And Add:
encryption_options:
internode_encryption: *dc*
keystore: conf/.keystore
keystore_password: cassandra
truststore: conf/.truststore
truststore_password: cassandra
Regards,
</VJ>
On Fri, Jan 20, 2012 at 11:16 AM, A J <s5a...@gmail.com> wrote:
> Hello,
> I am trying to use internode encryption in Cassandra (1.0.6) for the first
> time.
>
> 1. Followed the steps 1 to 5 at
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
> Q. In cassandra.yaml , what value goes for keystore ? I exported the
> certificate per step #3 above in duke.cer. Do I put the location and
> name of that file for this parameter ?
> Siminarly, what value goes for truststore ? The steps 1-5 don't
> indicate any other file to be exported that would possibly go here.
>
> Also do I need to follow these steps on each of the node ?
>
> Thanks
> AJ
>
