...

  • Download and install the appropriate JCE libraries into the <JAVA_HOME>/lib/security/ folder.
  • Ensure that the required keystores are configured.

Configure the Cassandra server

...

  1. Open the cassandra.yaml file from the <PRODUCT_HOME>/repository/conf/etc folder.
  2. Enable client_encryption_options as shown below.

    client_encryption_options:
        # Set to true to turn on client-to-server encryption
        enabled: true
        keystore: conf/.keystore
        keystore_password: cassandra
        # require_client_auth: false
        # truststore: conf/.truststore
        # truststore_password: cassandra
        # More advanced defaults below:
        # protocol: TLS
        # algorithm: SunX509
        # store_type: JKS
        # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
  3. Start the server. The following log message will be printed: "enabling encrypted thrift connections between client and server".

Configure the client

The steps given below explain how to configure the server with the Hector-based client, which sends messages to Cassandra.

  1. Open the server startup script from <PRODUCT_HOME>/bin folder. For example, for Linux, open wso2server.sh.
  2. Add the following system properties.

    -Dssl.protocol=TLS
    -Dssl.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA
    -Dssl.store.type=JKS
    -Dssl.truststore=[Trust store path]
    -Dssl.truststore.password=[Trust store password]
  3. Start the server. The following log message will be printed: "SSL enabled for client<->server communications".
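
The following is an added example, not part of the original page or the product's own tooling: a small check that reads the client_encryption_options block and the client's -Dssl.* flags together and reports settings that leave the connection unencrypted, unauthenticated, or unable to negotiate a cipher suite. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: a client_encryption_options block from cassandra.yaml
SAMPLE_YAML = """\
client_encryption_options:
    enabled: false
    keystore: conf/.keystore
    keystore_password: cassandra
    # require_client_auth: false
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
"""
# Constructed sample: system properties added to the client startup script
SAMPLE_FLAGS = "-Dssl.protocol=TLS -Dssl.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA -Dssl.store.type=JKS"

def parse_block(yaml_text, section="client_encryption_options"):
    """Return the uncommented key/value pairs indented under `section`."""
    opts, inside = {}, False
    for line in yaml_text.splitlines():
        if re.match(rf"^{section}:\s*$", line):
            inside = True
        elif inside and line.strip() and not line[0].isspace():
            break  # the next top-level key ends the section
        elif inside:
            m = re.match(r"^\s+([A-Za-z_]+):\s*(.*?)\s*$", line)
            if m:  # commented-out lines start with '#' and do not match
                opts[m.group(1)] = m.group(2)
    return opts

def parse_flags(flags):
    """Return the -Dssl.* system properties as a dict."""
    return dict(re.findall(r"-D(ssl\.[\w.]+)=(\S+)", flags))

def audit(yaml_text, flags):
    """List findings for the server block and the client flags together."""
    opts, props, findings = parse_block(yaml_text), parse_flags(flags), []
    if opts.get("enabled", "false").lower() != "true":
        findings.append("client_encryption_options.enabled is not true")
    if opts.get("keystore_password") == "cassandra":
        findings.append("keystore_password is still the sample value")
    if opts.get("require_client_auth", "false").lower() != "true":
        findings.append("require_client_auth is off: clients are not authenticated")
    server = [s.strip() for s in opts.get("cipher_suites", "").strip("[]").split(",") if s.strip()]
    for suite in props.get("ssl.cipher.suites", "").split(","):
        if suite and server and suite not in server:
            findings.append(f"client suite {suite} not offered by server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_YAML, SAMPLE_FLAGS)))
```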