Enabling SSL in Cassandra (client-to-node)

单于俊智
2023-12-01

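There is not much Chinese-language material on Cassandra, so this is a record of what I did recently. Readers who are not comfortable with English can use it as a reference.

This is only suitable for a development environment; the certificate is not issued by a CA.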

1. Generate a key pair on the server

keytool -genkey -keyalg RSA -alias node1 -keystore node1.keystore \
    -storepass cassandra -keypass cassandra \
    -dname "CN=192.168.86.29, OU=None, O=None, L=Scottsdale, C=USA"

2. Generate the certificate

keytool -export -alias node1 -file node1.cer -keystore node1.keystore

3. Generate the truststore (used by the client, i.e. our program)

keytool -import -v -trustcacerts -alias node1 -file node1.cer -keystore node2.truststore

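Edit the cassandra.yaml configuration file:

client_encryption_options:
    # must be true for client-to-node encryption to be active
    enabled: true
    # false: the node does not accept unencrypted client connections
    optional: false
    keystore: conf/node1.keystore
    keystore_password: cassandra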

4. Update the client code

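// Imports needed by this fragment (DataStax Java driver 4.x API)
import com.datastax.oss.driver.api.core.CqlSession;
import com.datastax.oss.driver.api.core.CqlSessionBuilder;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Fields such as userName, encryptionMode, trustStore and STORE_TYPE are not shown on this page.
CqlSessionBuilder cqlSessionBuilder = CqlSession.builder()
        .withAuthCredentials(this.userName, this.password)
        .addContactEndPoints(getContactPointsList())
        .withLocalDatacenter(this.localDCName)
        .withConfigLoader(configLoader)
        .withKeyspace(this.keySpaceName)
        .addTypeCodecs(new TimestampCodec());
if (null != encryptionMode) {
    if (null != trustStore && null != trustStorePassword) {
        // Load the truststore from step 3 so the client trusts the node's certificate
        KeyStore ks = KeyStore.getInstance(STORE_TYPE);
        // The backslash must be escaped: "C:\node2.truststore" would contain a newline (\n)
        try (InputStream trustStoreStream = new FileInputStream("C:\\node2.truststore")) {
            ks.load(trustStoreStream, "cassandra".toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // No client key material (first argument null): only the server is authenticated
        SSLContext sslContext = SSLContext.getInstance(encryptionMode.trim().toUpperCase());
        sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());
        cqlSessionBuilder.withSslContext(sslContext);
    } else {
        logger.warn("TRUST_STORE and TRUST_STORE_PASSWORD must be non-null value");
    }
}
session = cqlSessionBuilder.build();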

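This is only a record and contains no explanation, but the steps are fairly complete and you can get things running by following them. You can also refer to the documentation on DataStax.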
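A quick way to confirm that the client_encryption_options block edited above actually enforces TLS, as an added example that is not part of the original post: it reads the block from cassandra.yaml text and reports settings that leave client traffic unencrypted or keep the walkthrough's keystore password. The function names, the sample YAML fragments and the replacement password are constructed for illustration.

```python
# Constructed sample: a cassandra.yaml fragment with client encryption left off.
SAMPLE_OFF = """\
cluster_name: 'Test Cluster'
client_encryption_options:
    enabled: false
    optional: false
    keystore: conf/node1.keystore
    keystore_password: cassandra
native_transport_port: 9042
"""

# Constructed sample: the same fragment with encryption on and a non-default password.
SAMPLE_ON = SAMPLE_OFF.replace("enabled: false", "enabled: true").replace(
    "keystore_password: cassandra", "keystore_password: 'S0me-Long-Dev-Secret'")

def read_block(yaml_text, section="client_encryption_options"):
    """Return the key/value pairs indented under the top-level `section` key."""
    opts, inside = {}, False
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # a top-level key starts or ends the block
            inside = line.split(":", 1)[0] == section
            continue
        if inside:
            key, _, val = line.strip().partition(":")
            opts[key] = val.strip().strip("'\"")
    return opts

def audit(yaml_text):
    """List the reasons the block does not enforce client-to-node TLS."""
    o = read_block(yaml_text)
    findings = []
    if o.get("enabled", "false").lower() != "true":
        findings.append("enabled is not true: client connections stay plaintext")
    if o.get("optional", "false").lower() == "true":
        findings.append("optional is true: unencrypted clients are still accepted")
    if o.get("keystore_password") in (None, "", "cassandra"):
        findings.append("keystore_password is missing or the walkthrough value")
    if not o.get("keystore"):
        findings.append("no keystore path configured")
    return findings

if __name__ == "__main__":
    for name, text in (("off", SAMPLE_OFF), ("on", SAMPLE_ON)):
        print(name, audit(text) or "client-to-node TLS enforced")
```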
 
