Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

scano_183208 avatar image
scano_183208 asked ·

Having trouble configuring DSE C# driver with SSL, getting "SSLException: Received fatal alert: unknown_ca"

Below is a simple code that I am using to test this out:

class Program
{
    static void Main(string[] args)
    {
        X509Certificate2Collection collection;
        using (var store = new X509Store(StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            collection = store.Certificates;
        }

        var cluster = Cluster.Builder()
            .AddContactPoints("192.168.14.11")
            .WithCredentials("cassandra","cassandra")
            .WithSSL(new SSLOptions().SetCertificateCollection(collection))
            .Build();

        ISession session = cluster.Connect();

        global::System.Console.WriteLine("test")
    }
}

I downloaded the cert file that LCM auto generated and placed it within my local machine. On the server side when i run the code i get this error:

javax.net.ssl.SSLException: Received fatal alert: unknown_ca

I have node to node and client to node encryption on. But the require_client_auth is set to false.

driversslc#
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

@scano_183208 Your code looks like you're doing 2-way SSL authentication but you specifically mentioned that you don't have require_client_auth enabled. Since you're not using 2-way SSL, I suggest that you look at the code example on GitHub which only calls .WithSSL() to enable server authentication.

You will also need to verify that the certificate authority has been added correctly to the Trusted Root Certification Authorities of the Local Machine store. If the certificate authority isn't configured correctly, the driver won't be able to connect correctly. For details, see the TLS/SSL page of the C# driver. Cheers!

Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.