ssl - Cassandra: how to setup node-to-node encryption? -
cassandra supports both client-node encryption , node-node encryption. seems client-node encryption simple setup.
now have finished setting client-node, trying out node-node encryption , curious couple of things.
the example here (http://www.datastax.com/docs/datastax_enterprise3.1/security/ssl_certs#ssl-certs) uses different certificates different nodes. compulsory?
can use sample ssl certificate every node rather generating new certificate each node?
the example here (http://www.datastax.com/docs/datastax_enterprise3.1/security/ssl_certs#ssl-certs) uses different certificates different nodes. compulsory?
it considered best practice give each node it's own identifying certificate, not required.
can use sample ssl certificate every node rather generating new certificate each node?
yes could, create own certificate authority , generate of certificates signed authority (see this how using keytool). way have trust certificate authority on cassandra nodes can add more nodes without having update trust stores on every cassandra node.
Comments
Post a Comment