[ https://issues.apache.org/jira/browse/CASSANDRA-7528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14057683#comment-14057683 ]
Brandon Williams commented on CASSANDRA-7528:
---------------------------------------------

AFAICT, you must cast it anyway to get to getNotAfter, so there's slight savings to be had with the check.

> certificate not validated for internode SSL encryption.
> -------------------------------------------------------
>
> Key: CASSANDRA-7528
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7528
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Environment: Amazon Linux on various AWS EC2 instance types.
> Reporter: Joseph Clark
> Assignee: Brandon Williams
> Fix For: 2.0.10, 2.1.0
>
> Attachments: 7528.txt
>
>
> An expired certificate may be used to encrypt internode communication.
> To reproduce, set the server_encryption_options to enable internode
> encryption. Add the private key to the specified .keystore, and an expired
> certificate generated using the private key to the specified truststore. The
> same keys are used for all cassandra nodes in the cluster.
> When cassandra is started, it is able to communicate with other cassandra
> nodes even though the certificate is expired.
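
The comment above refers to the cast needed to reach getNotAfter. As an added example (not the attached 7528.txt patch and not Cassandra's own code), the Java below audits a keystore or truststore for expired X.509 certificates; the class name ExpiredCertCheck, its method name and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Hypothetical audit tool: lists store entries whose certificate has expired.
public class ExpiredCertCheck {

    /** Returns the aliases whose X.509 certificate is past notAfter at 'now'. */
    static List<String> expiredAliases(KeyStore ks, Date now) throws Exception {
        List<String> expired = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Trusted-cert entries return the certificate itself;
            // key entries return the first certificate of their chain.
            Certificate cert = ks.getCertificate(alias);
            // KeyStore hands back the abstract Certificate type. Validity
            // dates exist only on X509Certificate, so check the type and cast.
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                if (now.after(x509.getNotAfter())) {
                    expired.add(alias);
                }
            }
        }
        return expired;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExpiredCertCheck <store-file> <store-password>");
            System.exit(2);
        }
        // Uses the JVM's default store type; change it if the store differs.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        List<String> expired = expiredAliases(ks, new Date());
        for (String alias : expired) {
            System.out.println("EXPIRED: " + alias);
        }
        System.exit(expired.isEmpty() ? 0 : 1); // non-zero exit when anything expired
    }
}
```

Run against each node's keystore and truststore, the non-zero exit status makes the check usable as a pre-start or monitoring gate.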