For the Cassandra servers to trust each other, they must have the certificate of every
other server in their truststore. The same truststore can be used for client-to-node encryption and
for node-to-node encryption.
Procedure
To create a truststore, complete the following steps:
- Log in to the Cassandra server as the user who installed Sterling B2B Integrator and Global Mailbox.
- Use the Java™ keytool utility that is provided in the IBM JDK that is installed during installation with the following input:
  keytool -importcert -alias <name> -file <path to cert file>.cer -keystore <path to truststore> -storepass <password> -storetype JKS
- -alias <name>
  Alias can be any value. This might be the same alias from the keystore, or a descriptive label like self.
- -file <path to cert file>
  Specifies the fully-qualified path to the file to which the server public certificate was exported when its personal certificate was created in Generating a self-signed personal certificate.
- -keystore <path to truststore>
  Specifies the fully-qualified path of the server truststore file that is created (for example: /etc/cassandra/conf/truststore.jks).
- -storepass <password>
  The truststore password can be any value. It is used to generate a key to encrypt the truststore file.
- -storetype JKS
  The keystore type must be JKS.
- When prompted, enter y to add the certificate into the truststore:
  Trust this certificate? [no]: y
  Certificate was added to keystore
- Create a truststore for each Cassandra server in all data centers by repeating steps 1 to 3 on all Cassandra servers.
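One way to script the repeated import on a node and then confirm that no server's certificate is missing from the truststore, as an added example that is not part of the IBM procedure. It assumes the exported certificates are collected in one directory as <node>.cer, that the node name is used as the alias, and that the truststore password is in a TRUSTSTORE_PASS environment variable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM tooling. Assumptions: certificates are stored as
# <cert_dir>/<node>.cer, the node name doubles as the alias, and the truststore
# password is in the TRUSTSTORE_PASS environment variable.

# Read `keytool -list` output on stdin; print the alias of every trusted cert.
trusted_aliases() {
  awk -F', ' '/trustedCertEntry/ { print $1 }'
}

# Read `keytool -list` output on stdin; print each expected node (arguments)
# that has no trustedCertEntry. keytool stores JKS aliases in lower case, so
# expected names are lower-cased before comparing.
missing_aliases() (
  have=$(trusted_aliases)
  for node in "$@"; do
    want=$(printf '%s' "$node" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$have" | grep -Fxq -- "$want" || printf '%s\n' "$node"
  done
)

# Import <cert_dir>/<node>.cer for every node, then print what is still missing.
# keytool asks "Trust this certificate?" for each import, as in the procedure.
import_all() (
  cert_dir=$1 truststore=$2
  shift 2
  for node in "$@"; do
    keytool -importcert -alias "$node" -file "$cert_dir/$node.cer" \
      -keystore "$truststore" -storepass "$TRUSTSTORE_PASS" -storetype JKS || exit 1
  done
  keytool -list -keystore "$truststore" -storepass "$TRUSTSTORE_PASS" \
    -storetype JKS | missing_aliases "$@"
)

# Constructed sample of `keytool -list` output (fingerprints are placeholders).
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

cass-dc1-n1, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
cass-dc2-n1, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
EOF
}

# Usage: sh import-trust.sh <cert_dir> <truststore> <node>...
if [ "$#" -ge 3 ]; then import_all "$@"; fi
```

Empty output from import_all means every listed node has a trusted entry; any name it prints is a server whose certificate still has to be imported on this node.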