I’m trying to connect my DB (Cassandra) with Kong using two-way auth (server auth and client auth). Currently I’m using Kong 2.4.0 and Cassandra 3.11.11 in Docker.
I can see there are settings for API requests for TLS communication (ssl_cert and ssl_cert_key), and also an mTLS plugin for the Enterprise edition, but when it comes to Cassandra I can’t see a setting to make Kong send its cert to the server (Cassandra).
I also struggle to see how Kong defines its handshake; I can’t really work on the Lua.
Is it not supported by Kong currently, or by the OpenResty/Lua libs behind it? Should I configure something in a custom nginx config?
I think Kong just sends me a generic error for the handshake:
```
/usr/local/share/lua/5.1/kong/cmd/start.lua:33: [Cassandra error] all hosts tried for query failed. 172.18.0.3: SSL handshake: sslv3 alert bad certificate
```
I can see in the Cassandra logs (enabling Java logs for the handshake):
```
ServerHelloDone.java:97|Produced ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|FINE|55|epollEventLoopGroup-2-2|CertificateMessage.java:372|Consuming client Certificate handshake message (
"Certificates": <empty list>
)
javax.net.ssl|SEVERE|55|epollEventLoopGroup-2-2|TransportContext.java:316|Fatal (BAD_CERTIFICATE): Empty server certificate chain (
```
Thanks for any help or advice.