I'm trying to set up an SSL connection between Spark and Cassandra using spark-cassandra-connector.
Connector's SSL config:
spark.cassandra.connection.ssl.enabled true
spark.cassandra.connection.ssl.trustStore.password
spark.cassandra.connection.ssl.trustStore.path truststore_client.jks
spark.cassandra.connection.ssl.keyStore.password
spark.cassandra.connection.ssl.keyStore.path keystore_client.jks
Cassandra has client verification enabled.
In the Cassandra keystore there is a cert that is trusted on the Spark side - it has a CA with which Cassandra's cert is signed. And vice versa.
When Spark tries to connect to Cassandra it gets:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: null cert chain
meaning that Cassandra did not receive the cert which it trusts.
The certificate CNs of Spark and Cassandra do not contain a valid hostname.
Could the issue be that they both try to verify the hostname and fail, and there is no possibility in spark-cassandra-connector to use some kind of ssl.verify=false?
Regards,
Vitali Dyachuk.
I've resolved the issue, the missing part was:
spark.cassandra.connection.ssl.clientAuth.enabled true
So if Spark is the client and Cassandra is the server and C* requires client authentication, then the spark.cassandra.connection config is:
spark.cassandra.connection.ssl.enabled true
spark.cassandra.connection.ssl.trustStore.password
spark.cassandra.connection.ssl.trustStore.path truststore.jks
spark.cassandra.connection.ssl.keyStore.password
spark.cassandra.connection.ssl.keyStore.path truststore.jks
spark.cassandra.connection.ssl.trustStore.type JKS
spark.cassandra.connection.ssl.clientAuth.enabled true
If the server (C*) does not require client authentication, then:
spark.cassandra.connection.ssl.enabled true
spark.cassandra.connection.ssl.trustStore.password
spark.cassandra.connection.ssl.trustStore.path truststore.jks
spark.cassandra.connection.ssl.trustStore.type JKS
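
A pre-flight check for the misconfiguration resolved above, as an added example that is not part of the original posts and not connector code: it parses spark-defaults style properties and flags a keyStore that is configured while clientAuth.enabled is not true, the combination that produced "null cert chain" in this thread. The finding codes and the sample input are constructed here, and it assumes ssl.enabled and clientAuth.enabled are off unless set to true.

```python
import re

# Added example, not connector code. Property names are the ones quoted in
# the thread; the finding codes and sample inputs are constructed here.
PREFIX = "spark.cassandra.connection.ssl."

def parse_props(text):
    """Parse 'key value' or 'key=value' lines; a bare key gets an empty value."""
    props = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([^\s=#]+)[\s=]*(.*)", raw)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def lint_ssl(props):
    """Return finding codes for SSL settings that will not behave as intended."""
    def val(name):
        return props.get(PREFIX + name, "")
    def on(name):
        return val(name).lower() == "true"
    findings = []
    if not on("enabled"):
        # Assumption: ssl.* keys have no effect unless ssl.enabled is true.
        if any(k.startswith(PREFIX) for k in props):
            findings.append("ssl-settings-ignored")
        return findings
    if val("keyStore.path") and not on("clientAuth.enabled"):
        # The thread's case: no client cert is presented, so a server that
        # requires client authentication fails with "null cert chain".
        findings.append("keystore-without-clientauth")
    if on("clientAuth.enabled") and not val("keyStore.path"):
        findings.append("clientauth-without-keystore")
    return findings

# Constructed from the first post; password values are empty there as well.
FIRST_POST = """\
spark.cassandra.connection.ssl.enabled true
spark.cassandra.connection.ssl.trustStore.password
spark.cassandra.connection.ssl.trustStore.path truststore_client.jks
spark.cassandra.connection.ssl.keyStore.password
spark.cassandra.connection.ssl.keyStore.path keystore_client.jks
"""
FIXED = FIRST_POST + "spark.cassandra.connection.ssl.clientAuth.enabled true\n"

if __name__ == "__main__":
    for name, text in (("first post", FIRST_POST), ("with fix", FIXED)):
        print(name, lint_ssl(parse_props(text)))
```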