我正在尝试将SSL(客户端到节点)用于Cassandra 2.1.2。
我已根据说明here创建了密钥库和信任库。然后我将cassandra.yaml更新为:
client_encryption_options:
enabled: true
keystore: /etc/cassandra/security/.keystore
keystore_password: ********
# require_client_auth: false
# Set trustore and truststore_password if require_client_auth is true
truststore: /etc/cassandra/security/.truststore
truststore_password: ********
# More advanced defaults below:
# protocol: TLS
# algorithm: SunX509
# store_type: JKS
# cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
我正在尝试使用cqlsh进行连接,但是我收到以下错误:
Connection error: ('Unable to connect to any servers', {'192.168.0.16': ConnectionShutdown('Connection <AsyncoreConnection(140569820674832) 192.168.0.16:9042 (closed)> is already closed',)})
我的cqlshrc文件如下所示:
[connection]
hostname = 192.168.0.16
port = 9042
factory = cqlshlib.ssl.ssl_transport_factory
[ssl]
validate = false
certfile = /home/flavien/localhost.pem
对于certfile,我尝试过pem和crt文件,这没什么区别。
Cassandra日志中没有证据 - 没有错误,没有。
我的java版本是:
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
我已经安装了Java Cryptography Extension(JCE)Unlimited Strength Jurisdiction Policy Files。
我还尝试使用DevCenter和C#驱动程序进行连接,但无济于事。
知道如何让这项工作成功吗?