What exactly does the require client auth under client to node encryption options do? A simple example would be appreciated.
While encrypting the connection between the client and a DSE node, the client must provide a certificate for communication, as setting require_client_auth to true means you require two-way host certificate validation (two-way SSL).
Here is a good explanation on one-way and two-way SSL: https://tutorialspedia.com/an-overview-of-one-way-ssl-and-two-way-ssl/
This setting only needs to be set to true if you require two-way SSL. With two-way SSL, instead of the Cassandra client simply verifying the identity of the server, the server also verifies the certificate used by the client. But in one-way SSL the client only verifies the server's certificate.
To answer what you need to configure after enabling require_client_auth:
Before configuring the setting to true, you should generate the certificates that the client will be presenting, following the documentation:
And after you set it to true, you would need to configure the keystore and truststore as well. This is explained in the document here: https://docs.datastax.com/en/security/6.7/security/encryptClientNodeSSL.html
Hope this helps!
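The two modes described in the answer above, as a `cassandra.yaml` fragment. This is an added example, not part of the original answer or the DataStax documentation; the file paths and passwords are placeholders.

```yaml
# Two-way SSL (mutual TLS) between clients and the node.
client_encryption_options:
    enabled: true
    # false = reject unencrypted client connections on the native port
    optional: false

    # The node's own private key and certificate. Clients check this
    # certificate against their truststore (this is all one-way SSL does).
    keystore: /path/to/node-keystore.jks          # placeholder path
    keystore_password: CHANGE_ME                  # placeholder

    # true  = the node asks every client for a certificate during the TLS
    #         handshake and closes the connection if none is presented or
    #         if it does not chain to a certificate in the truststore below.
    # false = one-way SSL: only the client verifies the node.
    require_client_auth: true

    # CA (or individual client) certificates the node accepts when
    # require_client_auth is true. A client whose certificate is not
    # signed by something in here fails the handshake.
    truststore: /path/to/node-truststore.jks      # placeholder path
    truststore_password: CHANGE_ME                # placeholder

# One-way SSL for comparison: same block with
#     require_client_auth: false
# The truststore entries are then not used for client connections, and
# any client that trusts the node's certificate can complete the handshake.
#
# Client side with require_client_auth: true: every driver or tool must be
# given its own private key and certificate in addition to the CA
# certificate it uses to verify the node (for cqlsh, the userkey and
# usercert entries in the [ssl] section of cqlshrc).
```

A quick check after restarting the node: a client configured with only the CA certificate should now fail to connect, while one that also presents a certificate signed by a CA in the node's truststore should connect.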