Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.
-
Create the
keystore.shared
file by running the following command:keytool -genkey -keyalg RSA -alias shared -validity 36500 -keystore keystore.shared -storepass cassandra -keypass cassandra -dname "CN=None, OU=None, O=None, L=None, C=None"
wherecassandra
is the password the certificate. -
Export the SSL certificate from the
keystore.shared
file to theshared.cer
file by running the following command:keytool -export -alias shared -file shared.cer -keystore keystore.shared -storepass cassandra
wherecassandra
is the password the certificate. -
Create the
truststore.shared
file and import the SSL certificate to that file by running the following command:keytool -importcert -v -trustcacerts -noprompt -alias shared -file shared.cer -keystore truststore.shared -storepass cassandra
wherecassandra
is the password the certificate.