@txthai
Created February 26, 2017 00:45
# Within each Cassandra node, start a Bash session
sudo docker exec -it csc bash
# Update and install Vim
apt-get update
apt-get install -qy vim
# Create a directory to store the Cassandra SSL certificates
mkdir /etc/cassandra/sslcert
# Copy the truststore and relevant keystore from the host to the Cassandra SSL certificate directory
cp /host/* /etc/cassandra/sslcert
# Change to the Cassandra SSL certificate directory
cd /etc/cassandra/sslcert
# For CSC1
cp 10.90.209.155.jks server-keystore.jks
cp generic-server-truststore.jks server-truststore.jks
# For CSC2
cp 10.90.209.196.jks server-keystore.jks
cp generic-server-truststore.jks server-truststore.jks
# For CSC3
cp 10.90.209.199.jks server-keystore.jks
cp generic-server-truststore.jks server-truststore.jks
# Within each node, set the ownership of the directory and contents to cassandra
chown -R cassandra:cassandra /etc/cassandra/sslcert
# Modify the YAML file
vim /etc/cassandra/cassandra.yaml
# Modify the Server Encryption Options section, currently line number 1002
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/sslcert/server-keystore.jks
    keystore_password: myKeyPass
    truststore: /etc/cassandra/sslcert/server-truststore.jks
    truststore_password: truststorePass
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA]
    require_client_auth: true
# Save and exit YAML file
# Restart the docker container
sudo docker restart csc
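
A check to run against the edited cassandra.yaml, as an added example that is not part of the original gist: it reads the server_encryption_options block and reports settings that weaken internode TLS. The function names, the sample file and its temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Print the value of key $2 inside the server_encryption_options block of file $1.
enc_opt() {
    awk -v key="$2" '
        /^server_encryption_options:/ { blk = 1; next }
        blk && /^[^ \t#]/ { blk = 0 }   # next top-level key ends the block
        blk && /^[ \t]*#/ { next }      # skip comment lines
        blk { line = $0; sub(/^[ \t]+/, "", line)
              if (index(line, key ":") == 1) {
                  sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+#.*$/, "", line)
                  print line; exit } }' "$1"
}

# Print one FINDING line per weak setting; return 1 if any were found.
audit_internode_tls() {
    yaml=$1; rc=0
    finding() { echo "FINDING: $*"; rc=1; }
    mode=$(enc_opt "$yaml" internode_encryption)
    [ "$mode" = all ] || finding "internode_encryption=${mode:-unset}: some node-to-node traffic is not encrypted"
    [ "$(enc_opt "$yaml" require_client_auth)" = true ] ||
        finding "require_client_auth is not true: peers are not asked for a certificate"
    case "$(enc_opt "$yaml" cipher_suites)" in
        *TLS_RSA_WITH_*) finding "cipher_suites has a static-RSA suite (no forward secrecy); prefer ECDHE suites" ;;
    esac
    ks=$(enc_opt "$yaml" keystore)
    [ -z "$(find "$ks" -prune -perm -004 2>/dev/null)" ] ||
        finding "keystore $ks is world-readable"
    return $rc
}

# Constructed sample mirroring the settings above (paths are temporary placeholders).
demo=$(mktemp -d)
: > "$demo/server-keystore.jks"; chmod 644 "$demo/server-keystore.jks"
cat > "$demo/cassandra.yaml" <<EOF
cluster_name: 'Test Cluster'
server_encryption_options:
    internode_encryption: all
    keystore: $demo/server-keystore.jks
    keystore_password: myKeyPass
    # More advanced defaults below:
    cipher_suites: [TLS_RSA_WITH_AES_256_CBC_SHA]
    require_client_auth: true
client_encryption_options:
    enabled: false
EOF
audit_internode_tls "$demo/cassandra.yaml" || true
```

On the sample it reports the static-RSA cipher suite and the world-readable keystore; inside a node, point it at /etc/cassandra/cassandra.yaml instead.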