Cqlsh与客户端到节点的SSL加密 [英] Cqlsh with client to node SSL encryption

问题描述

我尝试在我的DSE服务器中启用客户端到节点SSL加密。

我的cqlshrc文件如下所示

  $ b hostname = 127.0.0.1 
 port = 9160 
 factory = cqlshlib.ssl.ssl_transport_factory 
 
 [ssl] 
 certfile = /path/to/dse_node0.cer 
 validate = true ;;可选，默认情况下为true。 
 
 [certfiles] ;;可选部分，覆盖[ssl]部分中的默认certfile。 
 1.2.3.4 = /path/to/dse_node0.cer 
  

进入cqlsh shell然后得到以下错误

 连接错误：无法连接到127.0.0.1:9160 
  

解决方案

有几个可能的原因我希望这些解决方案之一是有帮助的。 p>

1）ssl部分中的证书与cassandra.yaml文件中指定的密钥库不同（派生自）。

解决方案：从cassandra.yaml文件中使用的密钥库生成证书，并将其放在cqlshrc文件中指向的位置。

2）启动节点后，证书文件或密钥库将更改。 Cassandra在启动时加载证书的副本。

解决方案：重新启动节点。

3）在certfiles部分，127.0.0.1被覆盖错误的证书

解决方案：使用正确的证书或删除127.0.0.1条目。

Am trying to enable client to node SSL encryption in my DSE server.

My cqlshrc file looks like below

 [connection]
 hostname = 127.0.0.1
 port = 9160
 factory = cqlshlib.ssl.ssl_transport_factory

 [ssl]
 certfile = /path/to/dse_node0.cer
 validate = true ;; Optional, true by default.

 [certfiles] ;; Optional section, overrides the default certfile in the [ssl] section.
 1.2.3.4 = /path/to/dse_node0.cer

When I tried to login into cqlsh shell then am getting the below error

Connection error: Could not connect to 127.0.0.1:9160

解决方案

There are several possible causes I hope one of these solutions is helpful.

1) The certificate in the ssl section is not the same as (derived from) the keystore specified in the cassandra.yaml file.

Solution: generate a certificate from the keystore used in the cassandra.yaml file and place that in the location pointed to in your cqlshrc file.

2) The certificate file or keystore is changed after starting the node. Cassandra loads a copy of the certificate when it starts up.

Solution: Restart the node.

3) In the certfiles section 127.0.0.1 is over-ridden by the wrong certificate

Solution: use the correct certificate or drop the 127.0.0.1 entry.

这篇关于Cqlsh与客户端到节点的SSL加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！