Creating Java keystores and truststores for Cassandra encryption

Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.

1. Create the keystore.shared file by running the following command: keytool -genkey -keyalg RSA -alias shared -validity 36500 -keystore keystore.shared -storepass cassandra -keypass cassandra -dname "CN=None, OU=None, O=None, L=None, C=None" where cassandra is the password the certificate.

2. Export the SSL certificate from the keystore.shared file to the shared.cer file by running the following command: keytool -export -alias shared -file shared.cer -keystore keystore.shared -storepass cassandra where cassandra is the password the certificate.

3. Create the truststore.shared file and import the SSL certificate to that file by running the following command: keytool -importcert -v -trustcacerts -noprompt -alias shared -file shared.cer -keystore truststore.shared -storepass cassandra where cassandra is the password the certificate.

• Configuring a Cassandra cluster for internal encryption

  Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.

• Configuring a Cassandra cluster for external encryption

  Establish a secure channel for data transfers between Pega client machines and a Cassandra cluster by using client-to-server encryption.

• Configuring the Cassandra cluster

  Pega Platform comes with an internal Cassandra cluster to which you can connect through a Decision Data Store data set. Before connecting to the cluster through Pega Platform, perform the following steps to achieve optimal performance and data consistency across the nodes in the cluster.