The TLS protocol can be enabled to secure the client-server communication between a Hector-based client and a Cassandra server.

Pre-requisites 

  • Download and install the appropriate JCE libraries into the <JAVA_HOME>/lib/security/ folder.
  • Ensure that the required keystores are configured.

Configure the Cassandra server

The steps given below explain how to enable TLS for Cassandra, which receives messages from the Hector-based client.

  1. Open the cassandra.yaml file from the <PRODUCT_HOME>/repository/conf/etc folder.
  2. Enable client_encryption_options as shown below.

    client_encryption_options:
        # Must be true for the server to encrypt client connections.
        enabled: true
        keystore: conf/.keystore
        keystore_password: cassandra
        # require_client_auth: false
        # truststore: conf/.truststore
        # truststore_password: cassandra
        # More advanced defaults below:
        # protocol: TLS
        # algorithm: SunX509
        # store_type: JKS
        # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
  3. Start the server. The following log message will be printed: "enabling encrypted thrift connections between client and server".

Configure the client

The steps given below explain how to configure the server that runs the Hector-based client, which sends messages to Cassandra.

  1. Open the server startup script from the <PRODUCT_HOME>/bin folder. For example, on Linux, open wso2server.sh.
  2. Add the following system properties.

    -Dssl.protocol=TLS
    -Dssl.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA
    -Dssl.store.type=JKS
    -Dssl.truststore=[Trust store path]
    -Dssl.truststore.password=[Trust store password]
  3. Start the server. The following log message will be printed: "SSL enabled for client<->server communications".
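
The check below is an added example, not part of the original page or of the product's code: it reads the server's client_encryption_options block and the client's -Dssl.* properties and reports settings that would leave encryption off or leave the two sides without a shared cipher suite. The function names and the sample truststore path and password are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the page's snippets; path and password are made up.
SAMPLE_YAML = """\
client_encryption_options:
    enabled: true
    keystore: conf/.keystore
    keystore_password: cassandra
    # require_client_auth: false
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
"""
SAMPLE_JVM_ARGS = ("-Dssl.protocol=TLS -Dssl.cipher.suites=TLS_RSA_WITH_AES_256_CBC_SHA "
                   "-Dssl.store.type=JKS -Dssl.truststore=/opt/example/trust.jks "
                   "-Dssl.truststore.password=example-only")

def parse_server_options(yaml_text):
    """Return the active (uncommented) keys under client_encryption_options."""
    opts, inside = {}, False
    for line in yaml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            inside = line.startswith("client_encryption_options:")
            continue
        if inside:
            key, _, value = line.strip().partition(":")
            opts[key.strip()] = value.strip()
    return opts

def parse_client_props(jvm_args):
    """Return the -Dssl.* system properties from a startup command line."""
    return dict(re.findall(r"-D(ssl\.[\w.]+)=(\S+)", jvm_args))

def check(yaml_text, jvm_args):
    """Return a list of findings; an empty list means no mismatch was found."""
    srv, cli = parse_server_options(yaml_text), parse_client_props(jvm_args)
    findings = []
    if srv.get("enabled", "false").lower() != "true":
        findings.append("server: client_encryption_options.enabled is not true")
    if srv.get("keystore_password") == "cassandra":
        findings.append("server: keystore_password is still the sample value")
    srv_suites = {s.strip() for s in srv.get("cipher_suites", "").strip("[]").split(",") if s.strip()}
    cli_suites = {s for s in cli.get("ssl.cipher.suites", "").split(",") if s}
    # A commented-out server list means the server's defaults apply, so only compare explicit lists.
    if srv_suites and cli_suites and not (srv_suites & cli_suites):
        findings.append("no cipher suite in common between client and server")
    if "ssl.truststore" not in cli:
        findings.append("client: ssl.truststore is not set")
    return findings
```

Calling `check()` with the text of cassandra.yaml and the Java options from the startup script returns the findings as a list of strings.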