Cqlsh with client to node SSL encryption
Am trying to enable client to node SSL encryption in my DSE server.
My cqlshrc file looks like below
[connection] hostname = 127.0.0.1 port = 9160 factory = cqlshlib.ssl.ssl_transport_factory [ssl] certfile = /path/to/dse_node0.cer validate = true ;; Optional, true by default. [certfiles] ;; Optional section, overrides the default certfile in the [ssl] section. 22.214.171.124 = /path/to/dse_node0.cer
When I tried to login into cqlsh shell then am getting the below error
Connection error: Could not connect to 127.0.0.1:9160
There are several possible causes I hope one of these solutions is helpful.
1) The certificate in the ssl section is not the same as (derived from) the keystore specified in the cassandra.yaml file.
Solution: generate a certificate from the keystore used in the cassandra.yaml file and place that in the location pointed to in your cqlshrc file.
2) The certificate file or keystore is changed after starting the node. Cassandra loads a copy of the certificate when it starts up.
Solution: Restart the node.
3) In the certfiles section 127.0.0.1 is over-ridden by the wrong certificate
Solution: use the correct certificate or drop the 127.0.0.1 entry.