What happened?
Connecting to Cassandra over SSL with a client certificate + an encrypted private key fails. There's no field to enter the private key passphrase, so the encrypted key can't be loaded, and the connection fails with a vague SSL error that doesn't say the passphrase is missing.
Two underlying problems:
- No passphrase field. The SSL connection form has CA Certificate, Client Certificate, and Client Key fields, but no "Client Key Passphrase" field. An encrypted private key can't be decrypted without it.
- Client cert/key not applied for Cassandra. The Cassandra driver's connect path only loads the CA certificate. It doesn't pass the client certificate or client private key to the SSL context at all, so even an unencrypted client key is effectively ignored. The C driver supports this via cass_ssl_set_cert and cass_ssl_set_private_key(ssl, key, password), where password is the passphrase.
The error message should at least say what failed (missing/incorrect passphrase, key not loaded) instead of a generic SSL failure.
Steps to reproduce
- New Cassandra connection.
- Set SSL mode to Verify CA (or Verify Identity).
- Set a CA certificate, a client certificate, and a client key that is encrypted with a passphrase.
- Connect.
- Connection fails. There's no prompt or field for the key passphrase, and the error doesn't explain why.
Expected behavior
- A "Client Key Passphrase" field (or a prompt) when a client private key is provided, with the value stored in Keychain like other secrets.
- The Cassandra driver applies the client certificate and private key (using the passphrase) to the SSL context, not just the CA cert.
- A clear error when the passphrase is missing or wrong, instead of a generic SSL failure.
Database type
N/A (Cassandra)
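An added example, not code from the project or from this report: a pre-flight check that classifies the client key PEM before it reaches cass_ssl_set_private_key, so the UI can prompt for a passphrase or show a specific error. The enum, function names and sample PEM strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical pre-flight result for the client key field (names assumed). */
typedef enum { KEY_PLAIN, KEY_ENCRYPTED_READY, KEY_NEEDS_PASSPHRASE, KEY_NOT_PEM } key_check;

/* Constructed sample inputs: PEM framing only, bodies are placeholders. */
static const char PKCS8_ENC[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n-----END ENCRYPTED PRIVATE KEY-----\n";
static const char LEGACY_ENC[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,(placeholder)\n\n(placeholder)\n-----END RSA PRIVATE KEY-----\n";
static const char PLAIN_KEY[] =
    "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n";
static const char NOT_A_KEY[] =
    "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n";

/* Classify the PEM text before it is handed to the driver's
 * cass_ssl_set_private_key(ssl, key, password) call. */
key_check check_client_key(const char *pem, const char *passphrase) {
    if (pem == NULL || strstr(pem, "-----BEGIN ") == NULL ||
        strstr(pem, "PRIVATE KEY-----") == NULL)
        return KEY_NOT_PEM;                       /* e.g. a certificate pasted as key */
    int encrypted =
        strstr(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----") != NULL || /* PKCS#8 */
        strstr(pem, "Proc-Type: 4,ENCRYPTED") != NULL;                  /* legacy PEM */
    if (!encrypted) return KEY_PLAIN;
    if (passphrase == NULL || passphrase[0] == '\0') return KEY_NEEDS_PASSPHRASE;
    return KEY_ENCRYPTED_READY;
}

/* User-facing text to show instead of a generic SSL failure. */
const char *key_check_message(key_check r) {
    switch (r) {
    case KEY_NEEDS_PASSPHRASE: return "Client key is encrypted: passphrase required";
    case KEY_NOT_PEM:          return "Client key not loaded: no PEM private key found";
    case KEY_ENCRYPTED_READY:  return "Client key is encrypted: passphrase supplied";
    default:                   return "Client key is unencrypted";
    }
}

int main(void) {
    const char *samples[] = { PKCS8_ENC, LEGACY_ENC, PLAIN_KEY, NOT_A_KEY };
    for (int i = 0; i < 4; i++)
        puts(key_check_message(check_client_key(samples[i], NULL)));
    return 0;
}
```

This check only detects a missing passphrase; a wrong passphrase still has to be reported from the return value of the driver call itself.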