
I have truststore and keystore files and all the information related to the Cassandra account. There is a limitation with the application that I use to connect to Cassandra, as it doesn't provide me the option to specify my truststore and keystore files; hence I was looking to see if I can connect to Cassandra over SSL using connection URL properties (url properties).

Appreciate your help!!

Nazer Syed
  • On the application side, try taking the SSL cert from the keystore and adding it to your local cacerts file. – Aaron Mar 12 '19 at 13:57
  • Are you using the spark cassandra connector to connect to Cassandra? You need to provide the SSL options to the SparkContext config, as shown here: https://github.com/datastax/spark-cassandra-connector/blob/master/doc/1_connecting.md#preparing-sparkcontext-to-work-with-cassandra – Justin Cameron Mar 12 '19 at 23:48

1 Answer

Instaclustr has a post on their site which describes how to connect with Spark to Cassandra over SSL: Instaclustr Spark with SSL Configured Cassandra

In Step #6, they provide detail on creating a Cassandra connection factory class, which has a createSSLOptions method that allows for the specification of specific details:

    SSLOptions createSSLOPtions(CassandraConnectorConf.CassandraSSLConf conf) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, KeyManagementException {
        // No trust store configured: return null so the caller falls back to builder.withSSL().
        if (conf.trustStorePath().isEmpty()) {
            return null;
        }
        // The trust store path is resolved as a classpath resource, not as a filesystem path.
        try (InputStream trustStore = this.getClass().getClassLoader().getResourceAsStream(conf.trustStorePath().get())) {
            KeyStore keyStore = KeyStore.getInstance(conf.trustStoreType());
            keyStore.load(trustStore, conf.trustStorePassword().isDefined() ? conf.trustStorePassword().get().toCharArray() : null);

            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);

            // Only trust managers are supplied (key managers are null), so no client certificate is presented.
            SSLContext context = SSLContext.getInstance(conf.protocol());
            context.init(null, tmf.getTrustManagers(), new SecureRandom());

            // ClassTag used to convert the Scala collection of cipher suites to a String[].
            ClassTag<String> tag = scala.reflect.ClassTag$.MODULE$.apply(String.class);

            return JdkSSLOptions.builder()
                    .withSSLContext(context)
                    .withCipherSuites((String[]) conf.enabledAlgorithms().toArray(tag)).build();
        }
    }

They then call that method to put the finishing touches on their connection builder object:

    if (conf.cassandraSSLConf().enabled()) {
        SSLOptions options = createSSLOPtions(conf.cassandraSSLConf());
        if (null != options) {
            builder = builder.withSSL(options);
        } else {
            builder = builder.withSSL();
        }
    }
    return builder;

Check out their site, and see if you can augment it to fit your needs.

Aaron
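
An added example, not part of the answer above or of the Instaclustr post: the quoted method passes `null` for the key managers, so it only verifies the server. When the cluster also requires a client certificate (the question mentions both a truststore and a keystore), the `SSLContext` needs key managers as well, and the result can be passed to `JdkSSLOptions.builder().withSSLContext(...)` as in the answer. The class name, environment variable names, the `JKS` store type, the `TLSv1.2` protocol and the assumption that the key password equals the keystore password are all illustrative.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; names, store type and protocol are assumptions.
public class MutualTlsContext {

    // Load a store from the filesystem. Unlike getResourceAsStream(), a missing
    // file throws here instead of silently yielding an empty store.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            throw new IllegalStateException("No entries in " + path);
        }
        return ks;
    }

    static SSLContext build(String trustPath, char[] trustPw,
                            String keyPath, char[] keyPw) throws Exception {
        // Trust managers decide which server certificates are accepted.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, trustPw));
        // Key managers supply the client certificate and private key.
        // Assumes the key entry password equals the keystore password.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyPath, keyPw), keyPw);
        SSLContext context = SSLContext.getInstance("TLSv1.2"); // assumed protocol
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualTlsContext <truststore.jks> <keystore.jks>
        // Passwords come from the environment (assumed variable names), not argv.
        String trustPw = Objects.requireNonNull(System.getenv("TRUSTSTORE_PASSWORD"));
        String keyPw = Objects.requireNonNull(System.getenv("KEYSTORE_PASSWORD"));
        SSLContext ctx = build(args[0], trustPw.toCharArray(), args[1], keyPw.toCharArray());
        System.out.println("SSLContext ready, protocol: " + ctx.getProtocol());
    }
}
```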