[ https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522642#comment-17522642 ]
Dinesh Joshi commented on CASSANDRA-17513:
------------------------------------------

For internode communication, currently it is not possible for the server to identify itself using a client certificate. By adding this option we will be able to present a client identity to other nodes. The nodes can use this client certificate to authenticate the node. This makes it possible to implement mutual TLS, which is currently not possible.

{quote}The way I think is - A node has an identity that it uses to-be trusted- be it a client or server mode with the same peer.
{quote}

You cannot use the same certificate as a client certificate and a server certificate. They are distinct. You cannot use a client certificate as a server certificate and vice-versa.

As far as operational overhead is concerned, this is not a required configuration item. It is optional and won't cause "overhead" unless it is actually used by the operator.

> Add new property to pass keystore for outbound connections
> ----------------------------------------------------------
>
>                 Key: CASSANDRA-17513
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17513
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jyothsna Konisa
>            Assignee: Jyothsna Konisa
>            Priority: Normal
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Same keystore is being set for both Inbound and outbound connections but we
> should use a keystore with server certificate for Inbound connections and a
> keystore with client certificates for outbound connections. So we should add
> a new property in Cassandra.yaml to pass outbound keystore and use it in
> SSLContextFactory for creating outbound SSL context.
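
The split the issue describes, sketched as a `server_encryption_options` block. This is an added example, not part of the Jira message or of the patch under discussion. The keys `outbound_keystore` and `outbound_keystore_password` are the names used in released Cassandra configuration and are not given in this message; all paths and passwords are placeholders.

```yaml
# Constructed example: paths and passwords are placeholders.
server_encryption_options:
  internode_encryption: all
  # Inbound (this node accepts a peer's connection): server certificate.
  keystore: conf/server-keystore.jks
  keystore_password: CHANGE_ME_SERVER
  # Outbound (this node dials a peer): client certificate.
  # Before this change the keystore above was used for both directions.
  outbound_keystore: conf/client-keystore.jks
  outbound_keystore_password: CHANGE_ME_CLIENT
  # Ask the connecting peer for its certificate, so TLS is mutual.
  require_client_auth: true
  # CA certificates used to validate whatever the peer presents.
  truststore: conf/truststore.jks
  truststore_password: CHANGE_ME_TRUST
```

Leaving the outbound keys unset keeps the single-keystore behaviour, which matches the comment's point that the setting is optional.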