I’m trying to connect my DB (Cassandra) with Kong using two-way auth (server auth and client auth). Currently I’m using Kong 2.4.0 and Cassandra 3.11.11 in Docker.
I can see there are settings for API requests for TLS communication (ssl_cert and ssl_cert_key), and also an mTLS plugin for the Enterprise edition, but when it comes to Cassandra I can’t see a setting to make Kong send its cert to the server (Cassandra).
I also struggle to see how Kong defines its handshake; I can’t really work on the Lua.
Is it not supported by Kong currently, or by the OpenResty/Lua libs behind it? Should I configure something in a custom nginx config?
I think Kong just sends me a generic error for the handshake:
/usr/local/share/lua/5.1/kong/cmd/start.lua:33: [Cassandra error] all hosts tried for query failed. 172.18.0.3: SSL handshake: sslv3 alert bad certificate
I can see from the Cassandra logs (enabling Java logs for the handshake):
I can see from newer docs (Kong 2.6.x and 2.7.x) there are pg_ssl_cert and pg_ssl_cert_key. I did not quite understand if they are Enterprise or OSS features, because I can’t find them in the kong.default
(kong/kong.conf.default at 2.7.0 · Kong/kong · GitHub).
I was looking for something similar for Cassandra. I would say they didn’t work on some cassandra_ssl_cert and cassandra_ssl_cert_key for mutual auth, since Kong will not support Cassandra anymore.
So the best advice would be to migrate to Postgres and to a newer Kong version?
I don’t know if there would be some workaround to this issue.
I knew these two settings for using mutual TLS with Postgres, so I assumed there were similar ones for setting up Cassandra. (I was wrong…)
pg_ssl_cert and pg_ssl_cert_key are for both OSS and Enterprise versions. If you don’t see an Enterprise badge, it means the parameter works for both versions.
I would suggest you migrate to Postgres, as Cassandra is deprecated.