Hadoop Security Guide

Setting up SSL with self-signed certificates

Note

In production systems, use a CA-signed SSL certificate rather than a self-signed certificate. A self-signed certificate is a good way to test before deploying in production.

Use the following steps to create and verify self-signed SSL certificates for use with HiveServer2:

  1. List the keystore entries to verify that the certificate was added. Note that a keystore can contain multiple such certificates: keytool -list -keystore keystore.jks

  2. Export this certificate from keystore.jks to a certificate file: keytool -export -alias example.com -file example.com.crt -keystore keystore.jks

  3. Add this certificate to the client's truststore to establish trust: keytool -import -trustcacerts -alias example.com -file example.com.crt -keystore truststore.jks

  4. Verify that the certificate exists in truststore.jks: keytool -list -keystore truststore.jks

  5. Then start HiveServer2, and try to connect with beeline using: jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<truststore-password>
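
The steps above as one script that checks the truststore holds the same certificate as the keystore, not just an entry with the same alias. This is an added example, not part of the original guide. The `-genkeypair` step is an assumption, since the steps above start from an existing keystore, and the alias, password, host, port and database are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example. Constructed values: alias, CN, password, host, directory layout.

# Create a throwaway self-signed key pair, then export its certificate and
# import it into a client truststore (steps 2 and 3 above).
# Assumption: the -genkeypair step is not shown in the steps above.
make_stores() {  # usage: make_stores <dir> <alias> <password>
  local dir=$1 entry=$2 pass=$3
  keytool -genkeypair -alias "$entry" -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=$entry" -keystore "$dir/keystore.jks" \
    -storepass "$pass" -keypass "$pass" >/dev/null 2>&1 &&
  keytool -export -alias "$entry" -file "$dir/$entry.crt" \
    -keystore "$dir/keystore.jks" -storepass "$pass" >/dev/null 2>&1 &&
  keytool -import -trustcacerts -noprompt -alias "$entry" \
    -file "$dir/$entry.crt" -keystore "$dir/truststore.jks" \
    -storepass "$pass" >/dev/null 2>&1
}

# Print the PEM certificate stored under an alias (empty if the alias is absent).
cert_pem() {  # usage: cert_pem <store> <alias> <password>
  keytool -list -rfc -alias "$2" -keystore "$1" -storepass "$3" 2>/dev/null |
    sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p'
}

# Steps 1 and 4, tightened: succeed only if the alias exists in both stores
# and both entries carry the identical certificate.
same_cert() {  # usage: same_cert <dir> <alias> <password>
  local a b
  a=$(cert_pem "$1/keystore.jks" "$2" "$3")
  b=$(cert_pem "$1/truststore.jks" "$2" "$3")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Step 5: build the beeline connection string in the format given above.
jdbc_url() {  # usage: jdbc_url <host> <port> <database> <truststore> <password>
  printf 'jdbc:hive2://%s:%s/%s;ssl=true;sslTrustStore=%s;trustStorePassword=%s\n' \
    "$1" "$2" "$3" "$4" "$5"
}

if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d)
  make_stores "$dir" example.com changeit &&
    same_cert "$dir" example.com changeit &&
    jdbc_url hs2.example.com 10000 default "$dir/truststore.jks" changeit
fi
```

Run it with `--demo` to build both stores in a temporary directory and print the connection string for beeline.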