Hi,
I am doing Stage migration to the Cassandra/ Elastic clusters. Normally connection to clusters are secured by ssl.
Does any one had chance to use migration tool when there is secure communication ssl/https with cassandra/ elastic clusters?
I am not able to initialize migration in Migration Tool
but when I will turn off security (so no ssl, no https) initialization goes fine
I am not so familiar with certificates but in our cluster there is one - the same cert for each node:
so for all Cassandra nodes it is cert
CN: dma-cassandra.comp.local
for all elastic nodes it is cert:
CN: dma-elastic.comp.local
is it ok one cert for each node
or maybe it is not ok and I need to eg. add all nodes to "Subject Alternative Names" ?
so eg. for elastic cert:
DNS Name = dma-elastic-01.comp.local
DNS Name = dma-elastic-02.comp.local
DNS Name = dma-elastic-03.comp.local
DNS Name = dma-elastic-04.comp.local
etc
Hey Piotr,
Using the same certificate for different nodes shouldn't cause the migration tool to fail. Although, it's recommended to use individual certificates tied to each nodes DNS name/IP. This will allow strict hostname checking. More info here xpack.security.transport.ssl.verification_mode.
Failing initialization when security is enabled might be due to DataMiner not trusting the root CA that signed your certificates. Is the root CA installed as a trusted root authority on each DataMiner server? See Configure clients (and DataMiner Systems) to access the cluster.
Hi Piotr, which DataMiner version are you running? DataMiner can only connect to a TLS enabled Elasticsearch from 10.2.0 CU0 onwards and to a TLS 1.2 enabled Cassandra from 10.2.0 CU1 onwards.