Setting up SSL with self-signed certificates
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
In product systems, use a CA-signed SSL certificated rather than a self-signed certificated. A self-signed certificated is a good way to test before deploying in production. |
Use the following steps to create and verify self-signed SSL certificates for use with HiveServer2:
List the keystore entries to verify that the certificate was added. Note that a keystore can contain multiple such certificates: keytool -list -keystore keystore.jks
Export this certificate from keystore.jks to a certificate file: keytool -export -alias example.com -file example.com.crt -keystore keystore.jks
Add this certificate to the client's truststore to establish trust: keytool -import -trustcacerts -alias example.com -file example.com.crt -keystore truststore.jks
Verify that the certificate exists in truststore.jks: keytool -list -keystore truststore.jks
Then start HiveServer2, and try to connect with beeline using: jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<truststore-password>