Connecting to Cassandra via CQLSH with SSL

Basically, you need the public portion of the client cert. If you setup SSL using DataStax LCM, then you should have the cluster_<uuid>.crt file on the OpsCenter node at /var/lib/opscenter/ssl/lcm. Otherwise, you will need to go to a node and export the public portion of the cert (if you have different certs on each node, then you will need to grab the public portion of the cert from each node), you can use something like:

keytool -export -alias cassandra -file cassandranode0.cer -keystore .keystore

For instance, in the lab:

1) I scp’d cluster_<uuid>.crt to a node in the cluster under /home/automaton/.cassandra

2) I added a file named /home/automaton/.cassandra/cqlshrc, and in that file I added the following contents:

[ssl]
certfile = /home/automaton/.cassandra/cluster_3be6d91d-7876–437d-9fc7–0b563c966001.crt
validate = false
[authentication]
username = cassandra
password = cassandra
[connection]
hostname = 127.0.0.1
port = 9042

3) I was then able to connect using cqlsh:

cqlsh --ssl 10.101.33.95