You enable SSL for server (node-to-node) and client communication with Cassandra by editing the /etc/cassandra/conf/cassandra.yaml configuration file on each Cassandra node.

Repeat the following steps on every Cassandra node that you want to join to a cluster.

Procedure

  1. Set the listen_address and rpc_address values to the Cassandra node IP address.
    listen_address: Cass-Node-IP
    rpc_address: Cass-Node-IP
    
  2. Update the values of the server_encryption_options properties.
    server_encryption_options:
        internode_encryption: all
        keystore: /etc/cassandra/conf/.keystore
        keystore_password: vmware
        truststore: /etc/cassandra/conf/.truststore
        truststore_password: vmware
        # More advanced defaults below:
        # protocol: TLS
        # algorithm: SunX509
        store_type: JKS
        require_client_auth: true
        # require_endpoint_verification: false
    
  3. Update the values of the client_encryption_options properties.

    The keystore and truststore passwords are the same passwords that you used to create the keystore and the truststore.

    client_encryption_options:
        enabled: true
        # If enabled and optional is set to true, encrypted and unencrypted connections are handled.
        optional: true
        keystore: /etc/cassandra/conf/.keystore
        keystore_password: vmware
        require_client_auth: true
        # Set truststore and truststore_password if require_client_auth is true
        truststore: /etc/cassandra/conf/.truststore
        truststore_password: vmware
        # More advanced defaults below:
        # protocol: TLS
        # algorithm: SunX509
        store_type: JKS
    
  4. Save the changes and exit the file.
  5. Restart the Cassandra node by running the following command.
    # systemctl restart cassandra
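
A check you can run after editing the file, added here as an example and not part of the original procedure: it reads the two encryption sections of cassandra.yaml and reports settings that leave TLS unenforced, including the optional: true value that the file's own comment says admits unencrypted connections. The function names and the SAMPLE text are constructed for illustration, and the parser assumes the flat "key: value" layout shown in the steps above.

```python
import re

# Constructed sample: values taken from the procedure above, trimmed to the checked keys.
SAMPLE = """\
server_encryption_options:
    internode_encryption: all
    require_client_auth: true
    truststore: /etc/cassandra/conf/.truststore
client_encryption_options:
    enabled: true
    optional: true   # plaintext clients are still accepted
    require_client_auth: true
    truststore: /etc/cassandra/conf/.truststore
"""

def read_section(text, section):
    """Collect 'key: value' pairs indented under a top-level 'section:' line."""
    values, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or commented-out default
        if not line[0].isspace():         # top-level key: enter or leave the section
            inside = line.split("#")[0].strip() == section + ":"   # case-sensitive
            continue
        m = re.match(r"\s+(\w+):\s*(.*)", line)
        if inside and m:
            values[m.group(1)] = re.sub(r"\s+#.*$", "", m.group(2)).strip()
    return values

def audit(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    server = read_section(text, "server_encryption_options")
    client = read_section(text, "client_encryption_options")
    if server.get("internode_encryption") != "all":
        findings.append("server: internode_encryption is not 'all'")
    if client.get("enabled") != "true":
        findings.append("client: encryption is not enabled")
    if client.get("optional") == "true":
        findings.append("client: optional is true, unencrypted connections are accepted")
    for name, opts in (("server", server), ("client", client)):
        if opts.get("require_client_auth") == "true" and not opts.get("truststore"):
            findings.append(name + ": require_client_auth is true but truststore is unset")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

To check a node, pass the real file contents to audit(), for example audit(open("/etc/cassandra/conf/cassandra.yaml").read()).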