我一直在尝试使用Cassandra 2.0.11在运行Datastax(DSE)4.6版的单节点集群中启用客户端到节点的ssl通信
执行datastax文档中的步骤后documentation
我继续收到以下错误消息;
INFO [Thread-3] 2015-01-25 09:00:21,383 ThriftServer.java(第135行)正在寻找节俭客户...... ERROR [Thrift:1] 2015-01-25 09:00:30,486 TNegotiatingServerTransport.java(第523行)无法打开服务器传输 . org.apache.thrift.transport.TTransportException:javax.net.ssl.SSLException:无法识别的SSL消息,明文连接?在com.datastax.bdp.transport.server的com.datastax.bdp.transport.server.TPreviewableTransport.readUntilEof(TPreviewableTransport.java:79)的org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) .comreviewableTransport.preview(TPreviewableTransport.java:55)位于com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:186)com.datastax.bdp.transport.server.TNegotiatingServerTransport $ Factory.getTransport(TNegotiatingServerTransport)的.java:516)在com.datastax.bdp.transport.server.TNegotiatingServerTransport $ Factory.getTransport(TNegotiatingServerTransport.java:405)在org.apache.cassandra.thrift.CustomTThreadPoolServer $ WorkerProcess.run(CustomTThreadPoolServer.java:196)在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)java.lang.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615)java.lang.Thread.run(Thread.java:744)引起:javax.net.ssl.SSLException:Unreco gnized SSL消息,明文连接? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671)at sun.security.ssl.InputRecord.read(InputRecord.java:504)at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) )在sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)在sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)在sun.security.ssl.AppInputStream.read(AppInputStream.java: 102)在java.io.BufferedInputStream.fill(BufferedInputStream.java:235)的java.io.BufferedInputStream.read1(BufferedInputStream.java:275)at java.io.BufferedInputStream.read(BufferedInputStream.java:334)at org . apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)... 9 more ERROR [Thrift:1] 2015-01-25 09:00:30,513 CustomTThreadPoolServer.java(第222行)处理消息时出错 . 了java.lang.RuntimeException:无法打开服务器传输:未知的com.datastax.bdp.transport.server.TNegotiatingServerTransport $ Factory.getTransport(TNegotiatingServerTransport.java:524)在com.datastax.bdp.transport.server.TNegotiatingServerTransport $厂.getTransport(TNegotiatingServerTransport.java:405)在org.apache.cassandra.thrift.CustomTThreadPoolServer $ WorkerProcess.run(CustomTThreadPoolServer.java:196)在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)在爪哇 . util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615)at java.lang.Thread.run(Thread.java:744)
这是我的cassandra.yaml文件
client_encryption_options:enabled:true keystore:/home/ubuntu/.keystore keystore_password:**** truststore:/home/ubuntu/.truststore truststore_password:**** protocol:ssl store_type:JKS cipher_suites:[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
创建密钥库和信任库的步骤
keytool -genkey -keyalg RSA -alias node0 -keystore .keystore(使用主名称作为名字和姓氏)keytool -export -alias node0 -file node0.cer -keystore .keystore keytool -import -v -trustcacerts -alias node0 -file node0.cer -keystore .truststore
我已经通过从oracle网站下载所需的jar文件http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html,修复了他们在文档中遇到的TLS_RSA_WITH_AES_256_CBC_SHA错误
1 回答
此消息显示客户端正在尝试打开未加密的连接 .
首先想到的是检查是否启用了客户端证书身份验证 . 阅读本文:http://www.datastax.com/documentation/datastax_enterprise/4.6/datastax_enterprise/sec/secRunCqlsh.html
以下是启用cqlsh ssl连接的演练:https://github.com/PatrickCallaghan/datastax-ssl-example