Never mind fellas. Found the stupid error here. Sharing with you just in case. Typo error on my script to generate those.
I have the '' characters while generating the keystore and certificates.

-keystore 'mypassword' while correct is -keystore mypassword

I knew it was a certificate issue, debugging it I was able to find it. The longer you do things, the longer you are prone to errors.

Cheers

On Thu, Jun 19, 2014 at 3:20 PM, Carlos Scheidecker <nando....@gmail.com> wrote:

> Hello,
>
> I am using Cassandra 2.1.0-rc1 and trying to set up internode encryption.
>
> Here's how I have generated the certificates and keystores:
>
> keytool -genkeypair -v -keyalg RSA -keysize 1024 -alias node1 -keystore node1.keystore -storepass 'mypassword' -dname 'CN=Development' -keypass 'mypassword' -validity 3650
>
> keytool -export -v -alias node1 -file node1.cer -keystore node1.keystore -storepass 'mypassword'
>
> keytool -import -v -trustcacerts -alias node1 -file node1.cer -keystore global.truststore -storepass 'mypassword' -noprompt
>
> Now, I have created a folder /etc/cassandra/certs
>
> and copied the certs there: node1.keystore and global.truststore
>
> Set the ownership and permissions of both to chown cassandra:cassandra and chmod 600
>
> Then on Cassandra.yaml I did the following:
>
> server_encryption_options:
>     internode_encryption: all
>     keystore: /etc/cassandra/certs/node1.keystore
>     keystore_password: mypassword
>     truststore: /etc/cassandra/certs/global.truststore
>     truststore_password: mypassword
>
> When starting the server I get the following error:
>
> ERROR [main] 2014-06-19 15:00:03,701 CassandraDaemon.java:340 - Fatal configuration error
> org.apache.cassandra.exceptions.ConfigurationException: Unable to create ssl socket
>     at org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:431) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:411) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:694) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.StorageService.initServer(StorageService.java:628) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.StorageService.initServer(StorageService.java:511) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:336) [apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:455) [apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:544) [apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
> Caused by: java.io.IOException: Error creating the initializing the SSL Context
>     at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:124) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:53) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     at org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:427) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     ... 7 common frames omitted
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) ~[na:1.8.0_05]
>     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) ~[na:1.8.0_05]
>     at java.security.KeyStore.load(KeyStore.java:1433) ~[na:1.8.0_05]
>     at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:108) ~[apache-cassandra-2.1.0~rc1.jar:2.1.0~rc1]
>     ... 9 common frames omitted
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) ~[na:1.8.0_05]
>     ... 12 common frames omitted
> INFO [StorageServiceShutdownHook] 2014-06-19 15:00:03,705 Gossiper.java:1272 - Announcing shutdown
>
> Why would the certificate fail and the error "Keystore was tampered with, or password was incorrect" is displayed?
>
> I have tested the keystore password by doing keytool -list -keystore node1.keystore
>
> And it shows the certificate and password is correct:
>
> keytool -list -keystore node1.keystore -storepass mypassword
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> node1, Jun 19, 2014, PrivateKeyEntry,
> Certificate fingerprint (SHA1): 85:28:6F:75:B5:E2:CE:5C:52:84:AC:A6:12:FC:45:FB:BA:8D:97:4D
>
> Have no idea what went wrong as I have tried to find out.
>
> It does not seem to be a Cassandra issue but more likely an issue while generating the keystore and truststore.
>
> I am doing it for 4 nodes, which is why truststore is the same file name, only keystores are different names which are unique for the nodes.
>
> Thanks.
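
Added example, not part of the original thread and not the poster's script: one way quote characters end up inside a keystore password is a generator script that keeps the quoted option in a variable and expands it unquoted, so the quotes are data rather than shell syntax. The function names, the option string and the sample YAML below are constructed for illustration; the thread does not show the actual script.

```shell
#!/bin/sh
# Constructed example: how quotes stored in a variable reach keytool as part
# of the password, and a pre-flight comparison against cassandra.yaml.

# Value the program receives after -storepass when the option string is
# expanded unquoted from a variable (word splitting only, no quote removal).
storepass_from_variable() {
    opts="-storepass 'mypassword'"   # the quotes are data here, not syntax
    set -- $opts
    printf '%s\n' "$2"
}

# Same option typed directly on a command line: the shell removes the quotes.
storepass_typed_directly() {
    set -- -storepass 'mypassword'
    printf '%s\n' "$2"
}

# Reads the value of a simple "key: value" line, as in the
# server_encryption_options block quoted in the thread.
yaml_value() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# Succeeds only if the password handed to keytool is byte-for-byte the one
# Cassandra will read from the YAML file.
passwords_match() {   # $1 = password given to keytool, $2 = yaml file
    [ "$1" = "$(yaml_value "$2" keystore_password)" ]
}

# Constructed sample configuration (values taken from the thread).
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/certs/node1.keystore
    keystore_password: mypassword
EOF

for pw in "$(storepass_from_variable)" "$(storepass_typed_directly)"; do
    if passwords_match "$pw" "$conf"; then
        echo "match:    keytool got [$pw]"
    else
        echo "MISMATCH: keytool got [$pw], yaml has [$(yaml_value "$conf" keystore_password)]"
    fi
done
```

Running the same comparison before distributing keystores to each node catches the mismatch at generation time instead of at Cassandra startup.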