It appears that only adding the CA certificate to the truststore is sufficient for this.
On Thu, May 22, 2014 at 10:05 AM, Jeremy Jongsma <jer...@barchart.com> wrote:

> The docs say that each node needs every other node's certificate in its
> local truststore:
>
> http://www.datastax.com/documentation/cassandra/1.2/cassandra/security/secureSSLCertificates_t.html
>
> This seems like a bit of a headache for adding nodes to a cluster. How do
> others deal with this?
>
> 1) If I am self-signing the client certificates (with puppetmaster), is it
> enough that the truststore just contain the CA certificate used to sign
> them? This is the typical PKI mechanism for verifying trust, so I am hoping
> it works here.
>
> 2) If not, can I use the same certificate for every node? If so, what is
> the downside? I'm mainly concerned with encryption over public internet
> links, not node identity verification.
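
An added example, not part of the thread or of the Cassandra documentation: it uses openssl to check that a trust file holding only the CA certificate accepts every node certificate that CA signed, including one issued later, and rejects a self-signed certificate. The CA subject, node names and temporary paths are constructed for the demo; a JKS truststore would hold the same `ca.pem`.

```shell
#!/bin/sh
# Constructed demo: subjects, node names and paths are made up for illustration.
WORK=$(mktemp -d)

# make_ca: create a self-signed CA key and certificate (ca.key / ca.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Cluster CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# issue_node NAME: generate a key and CSR for a node, then sign it with the CA.
issue_node() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.pem" 2>/dev/null
}

# make_selfsigned NAME: a certificate the CA never signed.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# trusted_by_ca NAME: exit 0 only if NAME's certificate chains to ca.pem.
# The trust file contains the CA certificate alone, no per-node entries.
trusted_by_ca() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca && issue_node node1 && issue_node node2 && make_selfsigned rogue
for n in node1 node2 rogue; do
    if trusted_by_ca "$n"; then echo "$n: trusted"; else echo "$n: rejected"; fi
done
```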