Cassandra/Tools/cassandra-ca-manager

From Wikitech

Easily manage Java keystores using a self-signed certificate authority.

Project

Usage

Step 1

Create a YAML-formatted manifest describing the certificate authority and machine certificates.

# The top-level working directory
base_directory: /path/to/base/directory

# The Certificate Authority
authority:
  key:
    size: 2048
  cert:
    subject:
      organization: WMF
      country: US
      unit: Services
    valid: 365
  password: qwerty

# Java keystores
keystores:
  - name: restbase1001-a
    key:
      size: 2048
    cert:
      subject:
        organization: WMF
        country: US
        unit: Services
      valid: 365
    password: qwerty

  - name: restbase1001-b
    key:
      size: 2048
    cert:
      subject:
        organization: WMF
        country: US
        unit: Services
      valid: 365
    password: qwerty

  - name: restbase1002-a
    key:
      size: 2048
    cert:
      subject:
        organization: WMF
        country: US
        unit: Services
      valid: 365
    password: qwerty

Step 2

Run the script with the manifest as its only argument.

$ cassandra-ca-manager manifest.yaml
$ tree /path/to/base/directory
/path/to/base/directory
├── restbase1001-a
│   ├── restbase1001-a.crt
│   ├── restbase1001-a.csr
│   └── restbase1001-a.kst
├── restbase1001-b
│   ├── restbase1001-b.crt
│   ├── restbase1001-b.csr
│   └── restbase1001-b.kst
├── restbase1002-a
│   ├── restbase1002-a.crt
│   ├── restbase1002-a.csr
│   └── restbase1002-a.kst
├── rootCa.crt
├── rootCa.key
├── rootCa.srl
└── truststore

3 directories, 13 files

Note: cassandra-ca-manager is idempotent; it will not overwrite any existing material in the base directory. To create additional keystores later, simply add their definitions to the manifest and re-run the script.

Step 3

Copy the resulting truststore and *.kst files to their respective machines, and configure server and/or client encryption accordingly.
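A check worth running after Step 2 and before copying anything in Step 3 (an added example, not part of cassandra-ca-manager or of this page): it compares base_directory against the layout shown in the tree output above, reports what an idempotent re-run would still create, flags a rootCa.key that is readable by group or other, and lints the manifest for keys below 2048 bits and the sample password. The manifest dict is assumed to be what yaml.safe_load() returns for the Step 1 manifest; the fixture built in demo() is constructed, not real tool output.

```python
import tempfile
from pathlib import Path

# Layout from the tree output above: CA material at the top of base_directory, three files per keystore.
CA_FILES = ("rootCa.crt", "rootCa.key", "rootCa.srl", "truststore")
KEYSTORE_SUFFIXES = (".crt", ".csr", ".kst")

def expected_paths(manifest):
    """Relative paths cassandra-ca-manager should have written for this manifest."""
    paths = set(CA_FILES)
    for ks in manifest.get("keystores", []):
        paths.update(f"{ks['name']}/{ks['name']}{s}" for s in KEYSTORE_SUFFIXES)
    return paths

def check_output(manifest):
    """Files missing under base_directory (what an idempotent re-run would create) plus a lax CA key mode."""
    base = Path(manifest["base_directory"])
    findings = [f"missing: {rel}" for rel in sorted(expected_paths(manifest))
                if not (base / rel).is_file()]
    key = base / "rootCa.key"
    if key.is_file() and key.stat().st_mode & 0o077:  # any group/other permission bit set
        findings.append("rootCa.key is group/other-readable; restrict it to 0600")
    return findings

def lint_manifest(manifest):
    """Flag weak settings in the manifest before generating anything."""
    entries = [("authority", manifest["authority"])] + [(k["name"], k) for k in manifest["keystores"]]
    findings = []
    for label, e in entries:
        if e["key"]["size"] < 2048:
            findings.append(f"{label}: key size {e['key']['size']} is below 2048 bits")
        if e["password"] == "qwerty":  # the placeholder from the sample manifest
            findings.append(f"{label}: sample password 'qwerty' still in use")
    return findings

def demo():
    """Constructed fixture, not tool output: the page's manifest, empty stand-ins for two of three keystores, 0644 CA key."""
    base = tempfile.mkdtemp()
    entry = lambda: {"key": {"size": 2048}, "cert": {"valid": 365}, "password": "qwerty"}
    names = ("restbase1001-a", "restbase1001-b", "restbase1002-a")
    manifest = {"base_directory": base, "authority": entry(),
                "keystores": [dict(entry(), name=n) for n in names]}
    for name in names[:2]:
        Path(base, name).mkdir()
        for s in KEYSTORE_SUFFIXES:
            Path(base, name, name + s).touch()
    for f in CA_FILES:
        Path(base, f).touch()
    Path(base, "rootCa.key").chmod(0o644)
    return lint_manifest(manifest), check_output(manifest)
```

Point the manifest at the real base directory and run lint_manifest() and check_output() on it; an empty list from both means the layout is complete and the CA key is private to its owner.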