Creating Java keystores and truststores for Cassandra encryption
This content applies only to On-premises and Client-managed cloud environments
Enable external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.
- Create the
keystore.shared
file by running the following command:keytool -genkey -keyalg RSA -alias shared -validity 36500 -keystore keystore.shared -storepass cassandra -keypass cassandra -dname "CN=None, OU=None, O=None, L=None, C=None"
wherecassandra
is the password the certificate. - Export the SSL certificate from the
keystore.shared
file to theshared.cer
file by running the following command:keytool -export -alias shared -file shared.cer -keystore keystore.shared -storepass cassandra
wherecassandra
is the password the certificate. - Create the
truststore.shared
file and import the SSL certificate to that file by running the following command:keytool -importcert -v -trustcacerts -noprompt -alias shared -file shared.cer -keystore truststore.shared -storepass cassandra
wherecassandra
is the password the certificate.
Previous topic Prconfig properties for Cassandra cluster encryption Next topic Configuring compaction settings for SSTables (deprecated)