question

johnp avatar image
johnp asked Erick Ramirez edited

How do I configure client-node encryption using certificates from a third-party CA?

Hi Team,
As per documentation, to configure ssl in dse we need to generate/create truststore rootca crt signed crt keystore. I am bit confused here because i have zip file download from our third party CA, file has below files .crt file bundlefile and privatekey file we are using those files in nginx for ssl communication of website. But in case of cassandra can we use those three zip files to implement encryption or do we need to generate csr and bought new cert for each node ?
Can someone please help me and clear my confusions? Also if it is possible to use existing 3 files to configure encryption then please provide guidelines to proceed further.
Thank you team.

dseencryption
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

We recommend using certificates that are signed by well-known certificate authorities (CAs).

You will need to create local SSL certificate and keystore files for the nodes but skip the section on creating your own root CA.

If you need assistance, please log a ticket with DataStax Support and one of our engineers will be happy to assist you. Cheers!

Share
10 |1000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.