The keys don't have to be on the box. You do need a logi/password for c*. sent from my mobile Daemeon C.M. Reiydelle USA 415.501.0198 London +44.0.20.8144.9872 On Jan 14, 2016 5:16 PM, "oleg yusim" <olegyu...@gmail.com> wrote:
> Greetings, > > Guys, can you please help me to understand following: > > I'm reading through the way keystore and truststore are implemented, and > it is all fine and great, but at the end Cassandra documentation > instructing to extract all the keystore content and leave all certs and > keys in a clear. > > Do I miss something here? Why are we doing it? What is the point to even > have a keystore then? It doesn't look very secure to me... > > Another item - cassandra.yaml has passwords from keystore and truststore - > clear text... what is the point to have these stores then, if passwords are > out? > > Thanks, > > Oleg >