PLANNED MAINTENANCE

Hello, DataStax Community!

We want to make you aware of a few operational updates which will be carried out on the site. We are working hard to streamline the login process to integrate with other DataStax resources. As such, you will soon be prompted to update your password. Please note that your username will remain the same.

As we work to improve your user experience, please be aware that login to the DataStax Community will be unavailable for a few hours on:

  • Wednesday, July 15 16:00 PDT | 19:00 EDT | 20:00 BRT
  • Thursday, July 16 00:00 BST | 01:00 CEST | 04:30 IST | 07:00 CST | 09:00 AEST

For more info, check out the FAQ page. Thank you for being a valued member of our community.


question

scano_183208 avatar image
scano_183208 asked ·

Having trouble configuring DSE C# driver with SSL, getting "SSLException: Received fatal alert: unknown_ca"

Below is a simple code that I am using to test this out:

class Program
{
    static void Main(string[] args)
    {
        X509Certificate2Collection collection;
        using (var store = new X509Store(StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            collection = store.Certificates;
        }

        var cluster = Cluster.Builder()
            .AddContactPoints("192.168.14.11")
            .WithCredentials("cassandra","cassandra")
            .WithSSL(new SSLOptions().SetCertificateCollection(collection))
            .Build();

        ISession session = cluster.Connect();

        global::System.Console.WriteLine("test")
    }
}

I downloaded the cert file that LCM auto generated and placed it within my local machine. On the server side when i run the code i get this error:

javax.net.ssl.SSLException: Received fatal alert: unknown_ca

I have node to node and client to node encryption on. But the require_client_auth is set to false.

driversslc#
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

@scano_183208 Your code looks like you're doing 2-way SSL authentication but you specifically mentioned that you don't have require_client_auth enabled. Since you're not using 2-way SSL, I suggest that you look at the code example on GitHub which only calls .WithSSL() to enable server authentication.

You will also need to verify that the certificate authority has been added correctly to the Trusted Root Certification Authorities of the Local Machine store. If the certificate authority isn't configured correctly, the driver won't be able to connect correctly. For details, see the TLS/SSL page of the C# driver. Cheers!

Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.