How to use self-signed certificates to connect to Azure Managed Instance for Apache Cassandra
Table of Contents
- Introduction
- Generate Self-Signed Certificates
- Connecting to the Cluster with cqlsh
- Connecting to the Cluster with Python
- Additional Security Measures
Introduction
Azure Managed Instance for Apache Cassandra provides a fully managed service for running Apache Cassandra workloads on Azure. By default, connections to the cluster are secured using SSL certificates signed by a Certificate Authority. This blog post explores how to use self-signed certificates to enhance authentication between the client and the server.
Generate Self-Signed Certificates
- Create a configuration file like gen_rootCa_cert.conf from DataStax documentation.
- Use OpenSSL to generate the key and certificate in PEM format.
Connecting to the Cluster with cqlsh
- Configure cqlsh with the path to your client certificate file and key file.
- Validate the cluster's certificate using openssl.
Connecting to the Cluster with Python
- Adjust contact points, port, certificates, key file, and queries based on your cluster setup.
- Use the cluster's node addresses provided by Azure Managed Instance for Apache Cassandra.
Additional Security Measures
- For an additional layer of protection, verify the server's identity to prevent connections to unauthorized servers.
- Azure Managed Instance for Apache Cassandra offers high security by default and can be used safely with minimal configuration.
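The Python connection and the server identity check described above can be combined in one TLS context. This is an added example, not code from the original post. It assumes the DataStax cassandra-driver package, and the file names, address, user name, and environment variable are placeholders.

```python
import os
import ssl


def build_tls_context(ca_file=None, cert_file=None, key_file=None, check_hostname=True):
    """Build a client TLS context that presents a client certificate
    and refuses servers whose certificate chain does not verify."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Hostname checking needs a SAN in the server certificate that matches
    # the contact point; turn it off only if the cluster's certificate lacks one.
    ctx.check_hostname = check_hostname
    ctx.verify_mode = ssl.CERT_REQUIRED  # never accept an unverified server
    if ca_file:
        # Trust only the CA (or self-signed certificate) that issued the cluster's cert.
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    if cert_file:
        # Client certificate and private key in PEM format.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def connect(contact_points, username, password, ctx, port=9042):
    """Open a session; 9042 is Cassandra's default native transport port."""
    # Imported here so the TLS helper above works without the driver installed.
    from cassandra.auth import PlainTextAuthProvider
    from cassandra.cluster import Cluster

    cluster = Cluster(
        contact_points=contact_points,
        port=port,
        ssl_context=ctx,
        auth_provider=PlainTextAuthProvider(username=username, password=password),
    )
    return cluster, cluster.connect()


if __name__ == "__main__":
    # Placeholder paths and address: replace with your cluster's values.
    ctx = build_tls_context("cluster_ca.pem", "client_cert.pem", "client_key.pem")
    cluster, session = connect(
        ["10.0.0.4"], "cassandra", os.environ["CASSANDRA_PASSWORD"], ctx
    )
    print(session.execute("SELECT release_version FROM system.local").one())
    cluster.shutdown()
```

A handshake against a server whose certificate does not chain to the file passed as ca_file fails before any credentials are sent.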