# Client-to-node TLS settings for the Cassandra test instance.
# NOTE(review): both store passwords are the literal string "password" and are
# stored in clear text here; treat this as a throwaway test fixture, not a
# template for a real deployment.
# NOTE(review): require_client_auth is not set in this snippet, so clients are
# presumably not asked for a certificate and the truststore would go unused;
# confirm against the defaults of the Cassandra version in use.
# NOTE(review): "protocol: TLS" names no minimum version and no cipher_suites
# are listed, so the negotiated parameters depend on the JVM defaults.
client_encryption_options: | |
enabled: true | |
keystore: /etc/cassandra/keystore.p12 | |
keystore_password: password | |
truststore: /etc/cassandra/truststore.p12 | |
truststore_password: password | |
protocol: TLS | |
algorithm: SunX509 | |
store_type: PKCS12 |
:~# openssl pkcs12 -info -aes256 -password pass:password -in /etc/cassandra/keystore.p12 -passin pass:password | |
MAC: sha1, Iteration 2048 | |
MAC length: 20, salt length: 8 | |
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 | |
Certificate bag | |
Bag Attributes | |
friendlyName: cassandra | |
localKeyID: B7 32 3A 1F ED B6 63 F9 AC 9E B0 E2 2D 88 41 37 BE 0B 44 63 | |
subject=C = FI, O = Dovecot, CN = localhost | |
issuer=C = FI, O = Dovecot, CN = Dovecot Server ECC Intermediate CA | |
-----BEGIN CERTIFICATE----- | |
MIIDcDCCAvagAwIBAgIBAzAKBggqhkjOPQQDAjBMMQswCQYDVQQGEwJGSTEQMA4G | |
A1UECgwHRG92ZWNvdDErMCkGA1UEAwwiRG92ZWNvdCBTZXJ2ZXIgRUNDIEludGVy | |
bWVkaWF0ZSBDQTAeFw0yMDA4MjQwODA5MzRaFw0yMTA4MjQwODA5MzRaMDMxCzAJ | |
BgNVBAYTAkZJMRAwDgYDVQQKDAdEb3ZlY290MRIwEAYDVQQDDAlsb2NhbGhvc3Qw | |
djAQBgcqhkjOPQIBBgUrgQQAIgNiAATuaaf3VWJNSXhZBQiIhGBQ29zNpmmZPsJo | |
d25Luf9C6P9nDlmDwveSPTNxBhYpcfR5QYIHcfVAigbjpFsa4eEw+1RhHbpPGDy5 | |
ZdBbSezCJRBznuO3AO7Lw8ulC84EhXmjggHDMIIBvzAMBgNVHRMBAf8EAjAAMA4G | |
A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUU/u1 | |
khP2dxAWMPOcbamF4EVz8E8wbAYDVR0jBGUwY4AUylD5S/dT6N6aJbrmAUtN5UpW | |
XeWhSKRGMEQxCzAJBgNVBAYTAkZJMRAwDgYDVQQKDAdEb3ZlY290MSMwIQYDVQQD | |
DBpEb3ZlY290IFNlcnZlciBFQ0MgUk9PVCBDQYIBAjAzBgNVHR8ELDAqMCigJqAk | |
hiJodHRwOi8vbG9jYWxob3N0L2NhL3Jldm9jYXRpb24uY3JsMGAGCCsGAQUFBwEB | |
BFQwUjAtBggrBgEFBQcwAoYhaHR0cDovL2xvY2FsaG9zdC9jYS9jYWlzc3VlcnMu | |
Y3J0MCEGCCsGAQUFBzABhhVodHRwOi8vbG9jYWxob3N0L29jc3AwZgYDVR0RBF8w | |
XYIJbG9jYWxob3N0gglsb2NhbGhvc3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpbocE | |
fwAAAYcQAAAAAAAAAAAAAAAAAAAAAYcEfwAAAocQAAAAAAAAAAAAAAAAAAAAAjAK | |
BggqhkjOPQQDAgNoADBlAjEAy/MLAthtB9QkqYFmAkSprZGBKfQUCHOFuplD+ETc | |
Ugni0x/OAlYMKkJNn9MVYsr0AjBbEtgIh5IqWJIgyMGo+eXQFvBdIHbcb+xUCb2i | |
a9Es0dsMuAvhyIWZUjO/VoqhZM8= | |
-----END CERTIFICATE----- | |
Certificate bag | |
Bag Attributes: <No Attributes> | |
subject=C = FI, O = Dovecot, CN = Dovecot Server ECC Intermediate CA | |
issuer=C = FI, O = Dovecot, CN = Dovecot Server ECC ROOT CA | |
-----BEGIN CERTIFICATE----- | |
MIICujCCAkGgAwIBAgIBAjAKBggqhkjOPQQDAjBEMQswCQYDVQQGEwJGSTEQMA4G | |
A1UECgwHRG92ZWNvdDEjMCEGA1UEAwwaRG92ZWNvdCBTZXJ2ZXIgRUNDIFJPT1Qg | |
Q0EwHhcNMjAwODI0MDgwOTM0WhcNMjEwODI0MDgwOTM0WjBMMQswCQYDVQQGEwJG | |
STEQMA4GA1UECgwHRG92ZWNvdDErMCkGA1UEAwwiRG92ZWNvdCBTZXJ2ZXIgRUND | |
IEludGVybWVkaWF0ZSBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABArOJZ0T4xsT | |
Wx9hS64xRurOgA/+fiqH9yPk1AKCyJfoK0xoviLnG0it2FGSFG5Hi3/Xv5p38WPM | |
AdhIs15IWiE5zuPD9P+Juh+UdJAlTZUe8vCIKBHvlQfi/6YowwUPm6OB/jCB+zAd | |
BgNVHQ4EFgQUylD5S/dT6N6aJbrmAUtN5UpWXeUwHwYDVR0jBBgwFoAUc3zXuvgl | |
tHWZZDsTP3f3K07i2B0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMC | |
AYYwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2xvY2FsaG9zdC9jYS9yZXZvY2F0 | |
aW9uLmNybDBgBggrBgEFBQcBAQRUMFIwLQYIKwYBBQUHMAKGIWh0dHA6Ly9sb2Nh | |
bGhvc3QvY2EvY2Fpc3N1ZXJzLmNydDAhBggrBgEFBQcwAYYVaHR0cDovL2xvY2Fs | |
aG9zdC9vY3NwMAoGCCqGSM49BAMCA2cAMGQCMECPDE0Mc/eGYmEODz94kZxOoU30 | |
XOLS5eeo6mNcHgJ5Mf28YpaM9TQ8965ELkbAdgIwQOMSA5NTCMGxkLJgwq8xbtcY | |
9Y+VhNnOV7RhgZMpGbV5AixaXOSdBhwN+9ncXDkm | |
-----END CERTIFICATE----- | |
PKCS7 Data | |
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048 | |
Bag Attributes | |
friendlyName: cassandra | |
localKeyID: B7 32 3A 1F ED B6 63 F9 AC 9E B0 E2 2D 88 41 37 BE 0B 44 63 | |
Key Attributes: <No Attributes> | |
Enter PEM pass phrase: | |
Verifying - Enter PEM pass phrase: | |
-----BEGIN ENCRYPTED PRIVATE KEY----- | |
MIIBHDBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQImdDodcWYCaMCAggA | |
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBC/7GXqY5iGWujK3CeEo9otBIHA | |
PHQOaSClTie0f7oLKVJcIY+JTjfm6az7JvMoJaYCWmLh2q1zujcwRGWTH35lgJXw | |
NWRFCDzp93Lx2Gqz6LvGD9RiWlD4F9HkiJKOee7SBWOnLd0uHLYcj5muzQMY9GBp | |
YVSehgsWKX/vRWKItrdjrpzyQ9y2XKmpvcoLvw8cNSwVLW8Q3bCUmlM4kDZT7URV | |
gF7Ph/Kn9ji64P8dHlf0ik8CdT/AavZfZd3a1g/5zXQUNwdc8T/EbyTo0dpypcKa | |
-----END ENCRYPTED PRIVATE KEY----- | |
# env SSL_CERTFILE=/tmp/testrun-200824_080933/dict-sql-ssl/etc/dovecot/ec-server-ca.pem cqlsh --ssl | |
Connected to ci-cluster at localhost:9042. | |
[cqlsh 5.0.1 | Cassandra 3.11.6 | CQL spec 3.4.4 | Native protocol v4] | |
Use HELP for help. | |
cqlsh> DESCRIBE KEYSPACES; | |
system_traces system_schema system_auth system system_distributed | |
cqlsh> |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <cassandra.h> | |
/*
 * Trust bundle handed to cass_ssl_add_trusted_cert() in main().
 *
 * The string concatenates, in this order:
 *   1. two PEM "X509 CRL" blocks,
 *   2. a human-readable dump of a certificate whose Issuer and Subject are
 *      both "Dovecot Server ECC ROOT CA" (CA:TRUE, pathlen:1, valid
 *      Aug 24 2020 - Aug 24 2021 GMT),
 *   3. one PEM "CERTIFICATE" block.
 *
 * NOTE(review): how the driver treats the CRL blocks and the text dump is not
 * visible here; presumably only the CERTIFICATE block ends up as a trust
 * anchor and no revocation checking results from the CRLs. Confirm against
 * the driver before relying on either.
 * NOTE(review): only a self-signed root is embedded; any intermediate CA has
 * to be supplied by the server during the handshake for the chain to verify.
 */
static const char *server_ca_cert = | |
"-----BEGIN X509 CRL-----\n" | |
"MIIBajCB8QIBATAKBggqhkjOPQQDAjBEMQswCQYDVQQGEwJGSTEQMA4GA1UECgwH\n" | |
"RG92ZWNvdDEjMCEGA1UEAwwaRG92ZWNvdCBTZXJ2ZXIgRUNDIFJPT1QgQ0EXDTIw\n" | |
"MDgyNDA4MDkzNFoXDTIwMDkyMzA4MDkzNFqgfDB6MGwGA1UdIwRlMGOAFHN817r4\n" | |
"JbR1mWQ7Ez939ytO4tgdoUikRjBEMQswCQYDVQQGEwJGSTEQMA4GA1UECgwHRG92\n" | |
"ZWNvdDEjMCEGA1UEAwwaRG92ZWNvdCBTZXJ2ZXIgRUNDIFJPT1QgQ0GCAQEwCgYD\n" | |
"VR0UBAMCAQEwCgYIKoZIzj0EAwIDaAAwZQIwbAmAEEPhoOnkQvdO1m6CIO4tzg0F\n" | |
"L8K1iiVfSgwa//eamXBej2v4daSL0onsPWriAjEA6zwYb3Hi/ceyDff93U30yYVa\n" | |
"B61D3v+HBUxH7aoFBpMCYBvDgF8V7ltDIVt9Aaoj\n" | |
"-----END X509 CRL-----\n" | |
"-----BEGIN X509 CRL-----\n" | |
"MIIBcTCB+QIBATAKBggqhkjOPQQDAjBMMQswCQYDVQQGEwJGSTEQMA4GA1UECgwH\n" | |
"RG92ZWNvdDErMCkGA1UEAwwiRG92ZWNvdCBTZXJ2ZXIgRUNDIEludGVybWVkaWF0\n" | |
"ZSBDQRcNMjAwODI0MDgwOTM0WhcNMjAwOTIzMDgwOTM0WqB8MHowbAYDVR0jBGUw\n" | |
"Y4AUylD5S/dT6N6aJbrmAUtN5UpWXeWhSKRGMEQxCzAJBgNVBAYTAkZJMRAwDgYD\n" | |
"VQQKDAdEb3ZlY290MSMwIQYDVQQDDBpEb3ZlY290IFNlcnZlciBFQ0MgUk9PVCBD\n" | |
"QYIBAjAKBgNVHRQEAwIBAjAKBggqhkjOPQQDAgNnADBkAjAC9nll//owT11sYub/\n" | |
"ZZAtW2VnjLm8FXxNd/nBNmHM1V6d5ee46khbReciy2Xt9ewCMCrAYgLX7oiY2YbR\n" | |
"Y/xqZIP5txkfoE8dmcZyQdu8MmdFEyG6IhDiF92FpxQ7Z8j/Ug==\n" | |
"-----END X509 CRL-----\n" | |
"Certificate:\n" | |
" Data:\n" | |
" Version: 3 (0x2)\n" | |
" Serial Number: 1 (0x1)\n" | |
" Signature Algorithm: ecdsa-with-SHA256\n" | |
" Issuer: C=FI, O=Dovecot, CN=Dovecot Server ECC ROOT CA\n" | |
" Validity\n" | |
" Not Before: Aug 24 08:09:34 2020 GMT\n" | |
" Not After : Aug 24 08:09:34 2021 GMT\n" | |
" Subject: C=FI, O=Dovecot, CN=Dovecot Server ECC ROOT CA\n" | |
" Subject Public Key Info:\n" | |
" Public Key Algorithm: id-ecPublicKey\n" | |
" Public-Key: (384 bit)\n" | |
" pub:\n" | |
" 04:b5:dd:30:33:21:19:75:12:c2:3b:6e:4c:5b:a9:\n" | |
" b9:c7:99:30:c7:ed:5b:7d:05:06:7e:c3:2a:af:d1:\n" | |
" 6b:ba:f9:9a:bc:95:79:bd:12:2a:fb:62:5f:42:a5:\n" | |
" 33:37:aa:af:77:82:3e:41:e0:1c:29:d7:a1:bd:a6:\n" | |
" 78:06:95:bb:bd:85:03:a0:0f:99:67:35:04:95:41:\n" | |
" c9:96:e9:7c:39:2c:0d:23:33:38:a4:97:c3:cc:63:\n" | |
" 02:52:95:bf:f9:af:84\n" | |
" ASN1 OID: secp384r1\n" | |
" NIST CURVE: P-384\n" | |
" X509v3 extensions:\n" | |
" X509v3 Subject Key Identifier: \n" | |
" 73:7C:D7:BA:F8:25:B4:75:99:64:3B:13:3F:77:F7:2B:4E:E2:D8:1D\n" | |
" X509v3 Authority Key Identifier: \n" | |
" keyid:73:7C:D7:BA:F8:25:B4:75:99:64:3B:13:3F:77:F7:2B:4E:E2:D8:1D\n" | |
"\n" | |
" X509v3 Basic Constraints: critical\n" | |
" CA:TRUE, pathlen:1\n" | |
" X509v3 Key Usage: critical\n" | |
" Digital Signature, Certificate Sign, CRL Sign\n" | |
" Signature Algorithm: ecdsa-with-SHA256\n" | |
" 30:64:02:30:3d:47:85:c2:ca:2f:6d:09:52:a5:24:5c:e9:d2:\n" | |
" 40:80:2f:fd:f4:b0:ae:e5:48:c7:7b:24:17:ed:6c:7b:59:e9:\n" | |
" 14:3d:ae:d4:f7:03:40:c4:9b:5a:ad:c1:84:f8:54:0d:02:30:\n" | |
" 3d:52:2f:07:1e:e9:d3:b0:f1:08:ce:25:0d:98:0c:05:fe:dc:\n" | |
" 71:ec:e7:3f:cd:c4:be:ed:6f:1a:de:19:67:0e:ea:cd:bf:4d:\n" | |
" bf:51:8b:e1:4c:be:fb:78:af:ce:cc:5a\n" | |
"-----BEGIN CERTIFICATE-----\n" | |
"MIICGTCCAaCgAwIBAgIBATAKBggqhkjOPQQDAjBEMQswCQYDVQQGEwJGSTEQMA4G\n" | |
"A1UECgwHRG92ZWNvdDEjMCEGA1UEAwwaRG92ZWNvdCBTZXJ2ZXIgRUNDIFJPT1Qg\n" | |
"Q0EwHhcNMjAwODI0MDgwOTM0WhcNMjEwODI0MDgwOTM0WjBEMQswCQYDVQQGEwJG\n" | |
"STEQMA4GA1UECgwHRG92ZWNvdDEjMCEGA1UEAwwaRG92ZWNvdCBTZXJ2ZXIgRUND\n" | |
"IFJPT1QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS13TAzIRl1EsI7bkxbqbnH\n" | |
"mTDH7Vt9BQZ+wyqv0Wu6+Zq8lXm9Eir7Yl9CpTM3qq93gj5B4Bwp16G9pngGlbu9\n" | |
"hQOgD5lnNQSVQcmW6Xw5LA0jMzikl8PMYwJSlb/5r4SjZjBkMB0GA1UdDgQWBBRz\n" | |
"fNe6+CW0dZlkOxM/d/crTuLYHTAfBgNVHSMEGDAWgBRzfNe6+CW0dZlkOxM/d/cr\n" | |
"TuLYHTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjO\n" | |
"PQQDAgNnADBkAjA9R4XCyi9tCVKlJFzp0kCAL/30sK7lSMd7JBftbHtZ6RQ9rtT3\n" | |
"A0DEm1qtwYT4VA0CMD1SLwce6dOw8QjOJQ2YDAX+3HHs5z/NxL7tbxreGWcO6s2/\n" | |
"Tb9Ri+FMvvt4r87MWg==\n" | |
"-----END CERTIFICATE-----\n"; | |
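/**
 * Connect to a Cassandra node on 127.0.0.1 over TLS, trusting only the
 * embedded server_ca_cert bundle, and report whether the connection to the
 * "test" keyspace succeeded.
 *
 * Unlike a fire-and-forget connect, this waits for the connect future so that
 * a TLS verification failure is reported instead of being silently dropped,
 * and it releases the future afterwards.
 *
 * @return EXIT_SUCCESS when the session connected, EXIT_FAILURE otherwise.
 */
int main(void)
{
    int rc = EXIT_FAILURE;
    CassSession *session = NULL;
    CassFuture *connect_future = NULL;
    CassError err;

    /* Trace logging makes the driver print the TLS handshake details. */
    cass_log_set_level(CASS_LOG_TRACE);

    CassCluster *cluster = cass_cluster_new();
    CassSsl *ssl = cass_ssl_new();

    /* A bundle that fails to parse must not be ignored: without a trust
     * anchor every later verification result would be meaningless. */
    err = cass_ssl_add_trusted_cert(ssl, server_ca_cert);
    if (err != CASS_OK) {
        fprintf(stderr, "cannot load trusted certificate: %s\n",
                cass_error_desc(err));
        cass_ssl_free(ssl);
        goto out;
    }

    /* CASS_SSL_VERIFY_PEER_CERT validates the certificate chain only; it does
     * not bind the certificate to the address being contacted. OR in
     * CASS_SSL_VERIFY_PEER_IDENTITY when the server certificate carries the
     * contact address and host identity should be enforced as well. */
    cass_ssl_set_verify_flags(ssl, CASS_SSL_VERIFY_PEER_CERT);
    cass_cluster_set_ssl(cluster, ssl);
    /* Released right after attaching, as in the original; presumably the
     * cluster keeps its own reference to the SSL context. */
    cass_ssl_free(ssl);

    err = cass_cluster_set_contact_points(cluster, "127.0.0.1");
    if (err != CASS_OK) {
        fprintf(stderr, "cannot set contact points: %s\n",
                cass_error_desc(err));
        goto out;
    }

    err = cass_cluster_set_protocol_version(cluster, CASS_PROTOCOL_VERSION_V4);
    if (err != CASS_OK) {
        fprintf(stderr, "cannot set protocol version: %s\n",
                cass_error_desc(err));
        goto out;
    }

    session = cass_session_new();
    connect_future = cass_session_connect_keyspace(session, cluster, "test");

    /* cass_future_error_code() waits for the connect attempt to finish, so
     * the handshake outcome is known before the session is torn down. */
    err = cass_future_error_code(connect_future);
    if (err != CASS_OK) {
        const char *msg = NULL;
        size_t msg_len = 0;

        cass_future_error_message(connect_future, &msg, &msg_len);
        fprintf(stderr, "connect failed: %.*s\n", (int)msg_len, msg);
        goto out;
    }

    rc = EXIT_SUCCESS;

out:
    if (connect_future != NULL) {
        cass_future_free(connect_future);
    }
    if (session != NULL) {
        cass_session_free(session);
    }
    cass_cluster_free(cluster);
    return rc;
}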