When i enable require_client_auth on client to node encryption I keep getting a null cert chain error. My assumption is that the certificate the client in providing to the server does not have a cert chain thus the error happening aka bad certificate.
In these types of situations what can i do as my first steps? Is there a way to see what certificate the client is providing? what the server is using to authenticate the client cert. etc.
Thank you,
Simon
SSL Troubles Getting a Null Cert Chain error
Hi @scano_183208,
would you update your question with the full error and the DSE version?
Here is the documentation on enabling client to node encryption for DSE 6.8, which might serve as a starting point for double-checking your configuration. It includes a link to detailed instructions on how to create the certificates, keystores and truststores.
https://docs.datastax.com/en/security/6.8/security/encryptClientNodeSSL.html
@Erick Ramirez @bettina.swynnerton
It says this.
- true - Require certificate authentication for client-to-node encryption. Client certificates must be present on all nodes in the cluster.
If i created the CARoot and the keystore and truststore for the nodes via LCM where can i find the Client certificates for the nodes?
We haven't heard back from since you posted this question. We need additional information in order to assist you.
Let us know either way if you still need help with this issue. Cheers!
7 People are following this question.
