Thanks Nate and Vladimir, I will give it a try.
On Tue, Nov 22, 2016 at 12:48 AM, Vladimir Yudovin <vla...@winguzone.com> wrote: > >if I use the same certificate how does it helps? > This certificate will be recognized by all existing nodes, and no restart > will be needed. > > Or, as Nate suggested, you can use trusted root certificate to issue > nodes' certificates. > > > Best regards, Vladimir Yudovin, > > *Winguzone <https://winguzone.com?from=list> - Hosted Cloud > CassandraLaunch your cluster in minutes.* > > > ---- On Tue, 22 Nov 2016 03:07:28 -0500*Jai Bheemsen Rao Dhanwada > <jaibheem...@gmail.com <jaibheem...@gmail.com>>* wrote ---- > > yes, I am generating separate certificate for each node. > even if I use the same certificate how does it helps? > > On Mon, Nov 21, 2016 at 9:02 PM, Vladimir Yudovin <vla...@winguzone.com> > wrote: > > > Hi Jai, > > so do you generate separate certificate for each node? Why not use one > certificate for all nodes? > > Best regards, Vladimir Yudovin, > > *Winguzone <https://winguzone.com?from=list> - Hosted Cloud > CassandraLaunch your cluster in minutes.* > > > ---- On Mon, 21 Nov 2016 17:25:11 -0500*Jai Bheemsen Rao Dhanwada > <jaibheem...@gmail.com <jaibheem...@gmail.com>>* wrote ---- > > Hello, > > I am setting up encryption on one of my cassandra cluster using the below > procedure. > > server_encryption_options: > internode_encryption: all > keystore: /etc/keystore > keystore_password: xxxxx > truststore: /etc/truststore > truststore_password: xxxxx > > http://docs.oracle.com/javase/6/docs/technotes/guides/ > security/jsse/JSSERefGuide.html#CreateKeystore > > However, one difficulty with this approach is whenever I am adding a new > node I had to rolling restart all the C* nodes in the cluster, so that the > truststore is updated with the new server information. > > Is there a way to automatically trigger a reload so that the truststore is > updated on the existing machines without restart. > > Can someone please help ? > > > >