
Connecting AWS cassandra using c#

I am trying to connect to AWS Cassandra using this code:

    var pathToCAFile = $"{Directory.GetCurrentDirectory()}/AmazonRootCA1.pem";
    X509Certificate2[] certs = new X509Certificate2[] { new X509Certificate2(pathToCAFile, "amazon") };
    X509Certificate2Collection certificateCollection = new X509Certificate2Collection(certs);
    var options = new Cassandra.SSLOptions(SslProtocols.Tls11, true, ValidateServerCertificate);
    options.SetCertificateCollection(certificateCollection);
    Cluster cluster = Cluster
                        .Builder()
                        .WithCredentials("username", "password")
                        .WithPort(9142)
                        .AddContactPoint("cassandra.us-east-1.amazonaws.com")
                        .WithSSL()
                        .WithLoadBalancingPolicy(new DefaultLoadBalancingPolicy("us-east-1"))
                        .Build();

    // Connect to the nodes using a keyspace
    var session = cluster.Connect("system_distributed");

    // Execute a query on a connection synchronously
    var rs = session.Execute("select * from system.peers");

Here is the error that I'm getting:

"Cassandra.NoHostAvailableException: 'All hosts tried for query failed (tried 3.83.169.143:9142: AuthenticationException 'The remote certificate is invalid according to the validation procedure.')'

This exception was originally thrown at this call stack:

    Cassandra.Connections.Control.ControlConnection.Connect(bool)
    System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
    System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
    System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
    Cassandra.Connections.Control.ControlConnection.InitAsync()
    System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
    System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
    System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult()
    ... [Call Stack Truncated]

I assume you're using the DataStax C# driver. If that is the case, there's this documentation section on SSL/TLS which also has links to a couple of examples: https://docs.datastax.com/en/developer/csharp-driver/3.15/features/tls/

If that snippet is accurate, you're not actually setting the SSLOptions on the Builder.WithSSL() method.

If that doesn't work and the code examples don't help you, please show us the ValidateServerCertificate method so we can see what might be going wrong on the certificate validation.


Edit (from my comment below):

On the TLS/SSL documentation page there is a section that is relevant here: Enabling server authentication with a custom root certificate.

As mentioned in the documentation, you either have to install that certificate in the machine where the application is running or you have to provide a custom certificate validator similar to this one.

The SSLOptions.SetCertificateCollection() method is used for client authentication so it is not useful for your situation where you want server authentication.
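
The two points from the answer above (pass the `SSLOptions` to `WithSSL(...)`, and validate the server against a custom root in the callback), as an added example that is not part of the original answer or the DataStax documentation. The class name `KeyspacesTls`, the `Connect` helper, the choice of TLS 1.2 and the use of .NET 5 or later (for `X509ChainTrustMode.CustomRootTrust`) are assumptions; the host, port, data center and CA file name are taken from the question.

```csharp
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Cassandra;

public static class KeyspacesTls   // hypothetical name
{
    // Root CA the application trusts for this cluster (file name from the question).
    // A .pem root contains only a public certificate, so no password is needed.
    private static readonly X509Certificate2 TrustedRoot =
        new X509Certificate2("AmazonRootCA1.pem");

    // Server authentication: accept the peer only if its chain ends at TrustedRoot.
    public static bool ValidateServerCertificate(
        object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // machine store already trusts it

        // Only an untrusted chain is re-checked; a host name mismatch or a
        // missing certificate is always rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || certificate == null)
            return false;

        using var custom = new X509Chain();
        custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        custom.ChainPolicy.CustomTrustStore.Add(TrustedRoot);
        custom.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        // Reuse any intermediates attached to the handshake chain.
        if (chain != null)
            custom.ChainPolicy.ExtraStore.AddRange(chain.ChainPolicy.ExtraStore);
        return custom.Build(new X509Certificate2(certificate));
    }

    public static ISession Connect(string user, string password)
    {
        var options = new SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
        Cluster cluster = Cluster.Builder()
            .WithCredentials(user, password)
            .WithPort(9142)
            .AddContactPoint("cassandra.us-east-1.amazonaws.com")
            .WithSSL(options)   // WithSSL() with no argument uses default SSLOptions instead
            .WithLoadBalancingPolicy(new DefaultLoadBalancingPolicy("us-east-1"))
            .Build();
        return cluster.Connect();
    }
}
```

The callback fails closed: it never returns `true` unconditionally, so a chain that does not terminate at the pinned root still produces the `AuthenticationException` seen in the question.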
