Since I don't know what's in your keystore, or how it was generated, I don't know how much help I can be.
You probably need "-alias <something>" on the command line, and make sure a cert by the name "<something>" exists in your keystore. You can use "keytool -list ..." to examine the contents. Adam Holmberg On Mon, Feb 2, 2015 at 4:15 AM, Lu, Boying <boying...@emc.com> wrote: > Hi, Holmberg, > > > > I tried your suggestion and run the following command: > > keytool –exportcert –keystore path-to-my-keystore-file –storepass > my-keystore-password –storetype JKS –file path-to-outptfile and > > > > I got following error: > > keytool error: java.lang.Exception: Alias <mykey> does not exist > > > > Do you know how to fix this issue? > > > > Thanks > > > > Boying > > > > *From:* Adam Holmberg [mailto:adam.holmb...@datastax.com] > *Sent:* 2015年1月31日 1:12 > *To:* user@cassandra.apache.org > *Subject:* Re: FW: How to use cqlsh to access Cassandra DB if the > client_encryption_options is enabled > > > > Assuming the truststore you are referencing is the same one the server is > using, it's probably in the wrong format. You will need to export the cert > into a PEM format for use in the (Python) cqlsh client. If exporting from > the java keystore format, use > > > > keytool -exportcert <source keystore, pass, etc> -rfc -file <output file> > > > > If you have the crt file, you should be able to accomplish the same using > openssl: > > > > openssl x509 -in <in crt> -inform DER -out <output file> -outform PEM > > > > Then, you should refer to that PEM file in your command. Alternatively, > you can specify a path to the file (along with other options) in your > cqlshrc file. > > > > References: > > How cqlsh picks up ssl options > <https://github.com/apache/cassandra/blob/cassandra-2.1/pylib/cqlshlib/sslhandling.py> > > Example cqlshrc file > <https://github.com/apache/cassandra/blob/cassandra-2.1/conf/cqlshrc.sample> > > > > Adam Holmberg > > > > On Wed, Jan 28, 2015 at 1:08 AM, Lu, Boying <boying...@emc.com> wrote: > > Hi, All, > > > > Does anyone know the answer? > > > > Thanks a lot > > > > Boying > > > > > > *From:* Lu, Boying > *Sent:* 2015年1月6日 11:21 > *To:* user@cassandra.apache.org > *Subject:* How to use cqlsh to access Cassandra DB if the > client_encryption_options is enabled > > > > Hi, All, > > > > I turned on the dbclient_encryption_options like this: > > client_encryption_options: > > enabled: *true* > > keystore: path-to-my-keystore-file > > keystore_password: my-keystore-password > > truststore: path-to-my-truststore-file > > truststore_password: my-truststore-password > > … > > > > I can use following cassandra-cli command to access DB: > > cassandra-cli -ts path-to-my-truststore-file –tspw my-truststore-password > –tf org.apache.cassandra.thrift.SSLTransportFactory > > > > But when I tried to access DB by cqlsh like this: > > SSL_CERTFILE=path-to-my-truststore cqlsh –t > cqlishlib.ssl.ssl_transport_factory > > > > I got following error: > > Connection error: Could not connect to localhost:9160: [Errno 0] > _ssl.c:332: error:00000000:lib(0):func(0):reason(0) > > > > I guess the reason maybe is that I didn’t provide the trustore password. > But cqlsh doesn’t provide such option. > > > > Does anyone know how to resolve this issue? > > > > Thanks > > > > Boying > > > > >
