Hi Dojo,
I have local DMA and Cassandra that gets installed by DMA installer 10.2. My DMA version is 10.4.6. I would like to update my Cassandra to newer version, ideally I would remove Cassandra completely and install new version. I don't care about any data in the DB but I'm not sure if DMA will care or if I can just point it to the new Cassandra and it will automatically setup everything it needs on the new DB.
Where can I find information about supported Cassandra versions?
I've also been trying to setup Cassandra to use TLS and generating certificates with the script that is mentioned in the DataMiner docs however that script doesn't seem to work. It does generate certificates but Cassandra refuses to run with them. Is generate-tls-certificates repo still up to date and useable?
I also had issues with "curl https://localhost:9042" where it returns HTTP0.9. Is this expected response from Cassandra or is it an issue with my cassandra.ymal configuration?
Thanks
Hi Bert,
Thanks for the tip, but since I’m using it for experimenting and playing around I would like to avoid incurring additional cost for those purposes.
Cheers
Hi Seppe,
I get following exception in Cassandra logs on startup:
ObjectIdentifier() -- data isn't an object ID (tag = 48).
I'm using keytool from C:\Program Files\Java\jdk-22\bin. I tried with keytool from C:\Program Files\Java\jre-1.8\bin with same results.
I've also tried both keytools with store_type: JKS in which case I get Invalid keystore format, which makes sense for jdk-22 since it does say it created PKCS12 store, but when I use script with jre-1.8 I can see warning about using JKS store and still the store apparently ends up being of type PKCS12.
I tried commenting out protocol, algorithm, store_type and cipher_suites for both server and client encryption with no avail.
This is my cassandra.yaml:
Full list of cipher_suites:[
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
As far as I could figure ObjectIdentifier() -- data isn't an object ID (tag = 48) exception is related to JVM version, but since I'm using the newest one I'm not sure what else could be the cause and that's why I was thinking updating Cassandra would fix it. I also tried setting JAVA_HOME environment to point to both jre-1.8 and jdk-22 with same results.
Hi,
My first guess is that the encryption algorithm used to encrypt the PCKS12 file is not (yet) supported by Java. To test this, I would to check which openssl and java versions that were used for the generation of the certificates, and which java version that is used by cassandra.
“AES encryption in pkcs12 is not supported in java up to java 11” and cassandra 3.x uses Java 8. How hard would it be to modify the script to not generate AES keys? Do you think that’s something I could do myself?
I would assume that you have openssl 3.x installed, while the script was developed and tested using the openssl 1.x range. You could try to solve this by adding the ‘-legacy’ option to the openssl operations in the script.
FYI: it’s now recommended to use STaaS, this will immediately solve all your questions here and you’ll have more time and more compute resources again to focus on other things.