
Using cqlsh with ssl

I have enabled SSL encryption in my Cassandra node and I am trying to figure out how to connect to my node using cqlsh with SSL:

When I run ./cqlsh --ssl I get the following error:

Validation is enabled; SSL transport factory requires a valid certfile to be specified. Please provide path to the certfile in [ssl] section as 'certfile' option in /root/.cassandra/cqlshrc (or use [certfiles] section) or set SSL_CERTFILE environment variable.

I followed the link on https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureCqlshSSL_t.html:

[authentication]
username = fred
password = !!bang!!$

I am keeping it in the root folder so that any user can log in and can access the common folder (rather than in my user directory). However, what would be the password in this case? Do I need to put my password?!

certfile = ~/keys/node0.cer.pem

Will I need to add this certfile to Cassandra's truststore, or can I just add the Cassandra node's certificate itself?

I am using Cassandra 2.2.7.

user1692342 asked Oct 21 '16 14:10



1 Answer

There are a few things needed to make this work:

However what would be the password in this case? Do I need to put my password?!

Inside your cqlshrc file, this refers to the username and password for authentication/authorization. You don't really need to add it here. If you do not, remember to specify the -u username -p password flags on the cqlsh command line.

Will I need to add this certfile to the cassandra's truststore, or can I just add cassandra nodes certificate itself.

For client-to-node SSL, you don't really need to use the truststore.

If you followed the steps in that doc above, you should already have the private key part of the certificate in your keystore file. Then, you would have exported the public part of that cert to a file. You would have then converted that file to a PKCS12 file for use with cqlsh. Judging by the filenames you are using above, it looks like you have done that.

As an example, here is a cqlshrc file that should connect to a 2.2.x cluster:

[connection]
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
certfile = ~/certs/dev-cluster1.cer.pem
validate = false

[authentication]
username = cassuser
password = 12345

Make sure that you are setting the ssl_transport_factory.

Aaron answered Nov 15 '22 06:11
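
An added example, not part of the original answer or of cqlsh itself: a small Python audit of cqlshrc contents that reproduces the condition behind the question's error and flags the two settings in the answer's file a reviewer would question (validate = false and the stored password). The function name, finding codes and sample strings are assumptions made for this example.

```python
import configparser

SSL_FACTORY = "cqlshlib.ssl.ssl_transport_factory"  # value given in the answer

def audit_cqlshrc(text, env=None):
    """Return (code, message) findings for the contents of a cqlshrc file."""
    env = env or {}
    cfg = configparser.RawConfigParser()  # Raw: no % interpolation in passwords
    cfg.read_string(text)

    def opt(section, name):
        return cfg.get(section, name) if cfg.has_option(section, name) else None

    findings = []
    # Validation is on unless the value is literally "false"; the env var wins.
    validate = env.get("SSL_VALIDATE") or opt("ssl", "validate")
    validating = validate is None or validate.strip().lower() != "false"
    # Assumption: any [certfiles] entry counts, without matching it to a host.
    has_cert = bool(env.get("SSL_CERTFILE") or opt("ssl", "certfile")
                    or (cfg.has_section("certfiles") and cfg.options("certfiles")))
    if validating and not has_cert:
        findings.append(("no-certfile", "validation is on but no certfile is set; "
                         "cqlsh --ssl stops with the error quoted in the question"))
    if not validating:
        findings.append(("no-validate", "validate = false: the node's certificate "
                         "is not checked, so the session is encrypted but the "
                         "server is not authenticated"))
    if opt("connection", "factory") != SSL_FACTORY:
        findings.append(("no-ssl-factory", "[connection] factory is not " + SSL_FACTORY))
    if opt("authentication", "password") is not None:
        findings.append(("stored-password", "password is stored in clear text; "
                         "every user who can read this file can read it"))
    return findings

# Constructed samples: the question's fragment, the answer's file, a strict file.
QUESTION_RC = "[authentication]\nusername = fred\npassword = !!bang!!$\n"
ANSWER_RC = ("[connection]\nfactory = " + SSL_FACTORY + "\n"
             "[ssl]\ncertfile = ~/certs/dev-cluster1.cer.pem\nvalidate = false\n"
             "[authentication]\nusername = cassuser\npassword = 12345\n")
STRICT_RC = ("[connection]\nfactory = " + SSL_FACTORY + "\n"
             "[ssl]\ncertfile = ~/certs/dev-cluster1.cer.pem\nvalidate = true\n")

if __name__ == "__main__":
    for name, rc in [("question", QUESTION_RC), ("answer", ANSWER_RC), ("strict", STRICT_RC)]:
        print(name, [code for code, _ in audit_cqlshrc(rc)])
```

To audit a real file, pass its contents and the process environment: `audit_cqlshrc(open(path).read(), os.environ)`.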