Cassandra – TLS – NoHostAvailableException

Solved1.61K viewsCassandra certificate TLS
8
0 Comments

In our Cassandra cluster there is one - the same cert for each node - so for all Cassandra nodes it is one cert with CN: dma-cassandra.comp.local

And I got NoHostAvailableException when I enable TLS communication <TLSEnabled>true</TLSEnabled>

2023/02/01 13:18:57.410|SLDBConnection|CassandraConnection::Connect|ERR|0|1|Cassandra.NoHostAvailableException: All hosts tried for query failed (tried 10.44.222.171:9042: AuthenticationException 'The remote certificate is invalid according to the validation procedure.'; 10.44.222.172:9042: AuthenticationException 'The remote certificate is invalid according to the validation procedure.'; ...), see Errors property for more info

Can I use one cert with one CN for all DB nodes or each Cassandra node must have separate cert and its CN must always match the machine's hostname?
Could you please give me a hint regarding this?

====07.02.2023===== I added Wireshark screenshot

Piotr Borowski [DevOps Member] Selected answer as best 14th February 2023

3 Answers

3
550 0 Comments

At the beginning Jeremiah and Michiel thank you very much, your answer helped me to diagnose this case. Bellow short summary

If we have many cassandra nodes and we want to have one certificate for all nodes, we need add two values in Subject Alternative Name (SAN) for each node:
DNSName
IPAddress

Piotr Borowski [DevOps Member] Answered question 14th February 2023
You are viewing 1 out of 3 answers, click here to view all answers.