Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.
- Create the keystore.shared file by running the following command:

    keytool -genkey -keyalg RSA -alias shared -validity 36500 -keystore keystore.shared -storepass cassandra -keypass cassandra -dname "CN=None, OU=None, O=None, L=None, C=None"

  where cassandra is the password for the certificate.

- Export the SSL certificate from the keystore.shared file to the shared.cer file by running the following command:

    keytool -export -alias shared -file shared.cer -keystore keystore.shared -storepass cassandra

  where cassandra is the password for the certificate.

- Create the truststore.shared file and import the SSL certificate to that file by running the following command:

    keytool -importcert -v -trustcacerts -noprompt -alias shared -file shared.cer -keystore truststore.shared -storepass cassandra

  where cassandra is the password for the certificate.
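The three steps above as one script, added here as an example and not taken from the product documentation; the function name make_shared_stores and the STORE_PASS variable are assumptions. It passes the password through keytool's :env modifier instead of on the command line, then confirms that truststore.shared holds exactly the exported certificate and no private key.

```shell
#!/bin/sh
# Added example, not from the original page. make_shared_stores and
# STORE_PASS are names assumed for this sketch.
#
# make_shared_stores DIR: runs the three keytool steps in DIR, then checks
# that truststore.shared holds exactly the exported certificate and no
# private key. The password comes from the STORE_PASS environment variable
# via keytool's ":env" modifier, so it never appears in the process list.
make_shared_stores() {
    dir=$1
    if [ -z "${STORE_PASS:-}" ]; then
        echo "STORE_PASS is not set" >&2
        return 1
    fi
    export STORE_PASS
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # keystore.shared contains the private key
        rm -f keystore.shared shared.cer truststore.shared check.cer
        # Step 1: key pair and self-signed certificate (-genkeypair is the
        # current name of -genkey; other values are the ones on the page)
        keytool -genkeypair -keyalg RSA -alias shared -validity 36500 \
            -keystore keystore.shared \
            -storepass:env STORE_PASS -keypass:env STORE_PASS \
            -dname "CN=None, OU=None, O=None, L=None, C=None" || exit 2
        # Step 2: export the public certificate (-exportcert replaces -export)
        keytool -exportcert -alias shared -file shared.cer \
            -keystore keystore.shared -storepass:env STORE_PASS || exit 3
        # Step 3: import it into a new truststore
        keytool -importcert -v -trustcacerts -noprompt -alias shared \
            -file shared.cer -keystore truststore.shared \
            -storepass:env STORE_PASS || exit 4
        # Check 1: the truststore entry is byte-identical to shared.cer
        keytool -exportcert -alias shared -file check.cer \
            -keystore truststore.shared -storepass:env STORE_PASS || exit 5
        cmp -s shared.cer check.cer || exit 6
        rm -f check.cer
        # Check 2: the truststore must not carry a private key entry
        keytool -list -keystore truststore.shared -storepass:env STORE_PASS \
            | grep -q 'PrivateKeyEntry' && exit 7
        exit 0
    )
}
```

Call it as `STORE_PASS=... ; make_shared_stores /path/to/dir`; a non-zero return identifies the step or check that failed (2 to 7).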
- Configuring a Cassandra cluster for internal encryption
Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.
- Configuring a Cassandra cluster for external encryption
Establish a secure channel for data transfers between Pega client machines and a Cassandra cluster by using client-to-server encryption.
- Configuring the Cassandra cluster
Pega Platform comes with an internal Cassandra cluster to which you can connect through a Decision Data Store data set. Before connecting to the cluster through Pega Platform, perform the following steps to achieve optimal performance and data consistency across the nodes in the cluster.