>if I use the same certificate how does it helps?
This certificate will be recognized by all existing nodes, and no restart will
be needed.
Or, as Nate suggested, you can use trusted root certificate to issue nodes'
certificates.
Best regards, Vladimir Yudovin,
Winguzone - Hosted Cloud Cassandra
Launch your cluster in minutes.
---- On Tue, 22 Nov 2016 03:07:28 -0500Jai Bheemsen Rao Dhanwada
<jaibheem...@gmail.com> wrote ----
yes, I am generating separate certificate for each node.
even if I use the same certificate how does it helps?
On Mon, Nov 21, 2016 at 9:02 PM, Vladimir Yudovin <vla...@winguzone.com>
wrote:
Hi Jai,
so do you generate separate certificate for each node? Why not use one
certificate for all nodes?
Best regards, Vladimir Yudovin,
Winguzone - Hosted Cloud Cassandra
Launch your cluster in minutes.
---- On Mon, 21 Nov 2016 17:25:11 -0500Jai Bheemsen Rao Dhanwada
<jaibheem...@gmail.com> wrote ----
Hello,
I am setting up encryption on one of my cassandra cluster using the below
procedure.
server_encryption_options:
internode_encryption: all
keystore: /etc/keystore
keystore_password: xxxxx
truststore: /etc/truststore
truststore_password: xxxxx
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
However, one difficulty with this approach is whenever I am adding a new node I
had to rolling restart all the C* nodes in the cluster, so that the truststore
is updated with the new server information.
Is there a way to automatically trigger a reload so that the truststore is
updated on the existing machines without restart.
Can someone please help ?
