Close popover

Table of Contents

Configuring a Cassandra cluster for internal encryption

Version:

Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.

DDS nodes require node-to-node encryption.
  1. In the prconfig.xml file, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.

  2. Configure the remaining prconfig.xml settings.

    For more information about the prconfig.xml properties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption.
  3. Create Java keystores and truststores along with SSL certificates.

    For more information, see Creating Java keystores and truststores for Cassandra encryption.
    If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption.
  4. Copy the keystore.shared and truststore.shared files to the external Cassandra directory.

  5. In the prconfig.xml and cassandra.yaml files, update the configuration with the file paths and passwords to the certificates.

  6. Restart Pega Platform for the changes to take effect.

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.