When using HiveServer2 without Kerberos authentication, you can enable SSL.
Note: To access SSL-enabled HDP services through the Knox Gateway, additional configuration on the Knox Gateway is required; see the Apache Knox Gateway Administrator Guide, Gateway Security, Configure Wire Encryption.
Perform the following steps on the HiveServer2 host:

1. Run the following command to create a keystore for HiveServer2:

   ```
   keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hbase.jks
   ```

   A 1024-bit RSA key is below the 2048-bit minimum in current guidance such as NIST SP 800-131A; use a key size of 2048 bits or larger when creating a new keystore.

2. Edit `hive-site.xml` and set the following properties to enable SSL:

   ```xml
   <property>
     <name>hive.server2.enable.SSL</name>
     <value>true</value>
     <description></description>
   </property>
   <property>
     <name>hive.server2.keystore.path</name>
     <value>$keystore-file-path</value>
     <description></description>
   </property>
   <property>
     <name>hive.server2.keystore.password</name>
     <value>$keystore-file-password</value>
     <description></description>
   </property>
   ```
On the client side, specify the SSL settings for Beeline or a JDBC client as follows:

```
jdbc:hive2://$host:$port/$database;ssl=true;sslTrustStore=$path-to-truststore;trustStorePassword=$password
```
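The client URL above points at a truststore, which the steps do not show how to create. The following is an added example, not part of the original guide: it exports only the public certificate from the HiveServer2 keystore into a separate client truststore and checks that the truststore holds no private key. The function names, the `hiveserver2` truststore alias and the `KS_PASS`/`TS_PASS` environment variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): build a client truststore
# from the HiveServer2 keystore without copying the server's private key.
# Passwords are read from the environment variables KS_PASS (server keystore)
# and TS_PASS (client truststore) via keytool's ":env" modifier, so they do
# not show up in the process list. Both variable names are assumptions.

# export_server_cert KEYSTORE ALIAS OUT_PEM
# Writes only the public certificate for ALIAS; the private key stays put.
export_server_cert() {
  keytool -exportcert -rfc -alias "$2" -keystore "$1" \
          -storepass:env KS_PASS -file "$3"
}

# build_truststore CERT_PEM ALIAS TRUSTSTORE
# Imports the exported certificate as a trusted entry in a new truststore.
build_truststore() {
  keytool -importcert -noprompt -alias "$2" -file "$1" \
          -keystore "$3" -storepass:env TS_PASS
}

# truststore_is_public_only TRUSTSTORE
# Succeeds only if the store has a trusted certificate and no private key.
# Handing clients a copy of the server keystore would fail this check.
truststore_is_public_only() {
  local listing
  listing=$(keytool -list -keystore "$1" -storepass:env TS_PASS) || return 1
  echo "$listing" | grep -q 'trustedCertEntry' || return 1
  ! echo "$listing" | grep -q 'PrivateKeyEntry'
}

# Typical use on the HiveServer2 host (paths are placeholders):
#   export KS_PASS=... TS_PASS=...
#   export_server_cert hbase.jks hbase hs2.pem
#   build_truststore hs2.pem hiveserver2 truststore.jks
#   truststore_is_public_only truststore.jks && echo "safe to distribute"
```

Distribute `truststore.jks` to clients and reference it in `sslTrustStore`; the keystore named in `hive.server2.keystore.path` stays on the server.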