Configuring SSL Verification

If you are connecting to a Cassandra server that has Secure Sockets Layer (SSL) enabled, then you can configure the connector to connect to an SSL-enabled socket. When connecting to a server over SSL, the connector supports identity verification between the client and the server.

Note:

When connecting to Astra, two-way SSL verification is always enabled, and the required certificates are typically provided through the secure connection bundle.

Configuring an SSL Connection without Identity Verification

You can configure a connection that uses SSL but does not verify the identity of the client or the server.

To configure an SSL connection without verification:

  1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click Advanced Options.
  2. In the SSL area, select One-way Server Verification or Two-way Server and Client Verification.
  3. Clear the Enable Server Hostname Verification check box.
  4. To save your settings and close the dialog box, click OK.

Configuring One-way SSL Verification

You can configure one-way SSL verification so that the client verifies the identity of the Cassandra server.

To configure one-way SSL verification:

  1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click Advanced Options.
  2. In the SSL area, select One-way Server Verification.
  3. Ensure that the Enable Server Hostname Verification check box is selected.
  4. In the Trusted CA Certificates field, specify the full path of the PEM file containing the certificate for verifying the server.
  5. To save your settings and close the dialog box, click OK.

Configuring Two-way SSL Verification

You can configure two-way SSL verification so that the client and the Cassandra server verify each other.

To configure two-way SSL verification:

  1. To access the SSL options for a DSN, open the ODBC Data Source Administrator where you created the DSN, then select the DSN, then click Configure, and then click Advanced Options.
  2. In the SSL area, select Two-way Server and Client Verification.
  3. Ensure that the Enable Server Hostname Verification check box is selected.
  4. In the Trusted CA Certificates field, specify the full path of the PEM file containing the certificate for verifying the server.
  5. In the Client-side Certificate field, specify the full path of the PEM file containing the certificate for verifying the client.
  6. In the Client-side Private Key field, specify the full path of the file containing the private key used to verify the client.
  7. If the private key file is protected with a password, type the password in the Key File Password field. To save the password in the DSN, select the Remember Password check box.

    Important: Passwords are saved in plain text in the DSN; they are not encrypted or censored.

  8. To save your settings and close the dialog box, click OK.