Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Enable SSL on HiveServer2

When using HiveServer2 without Kerberos authentication, you can enable SSL.

Perform the following steps on the HiveServer2.
  1. Log into the cluster as the hive user. Having hive user permissions when creating the Java keystore file sets up the proper user::group ownership, which allows HiveServer to access the file and prevents HiveServer startup failure.
  2. Run the following command to create a keystore for hiveserver2: keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hive.jks.
  3. Edit the hive-site.xml, set the following properties to enable SSL:
    <property>
      <name>hive.server2.use.SSL</name>
      <value>true</value>
      <description></description>
    </property>
     
    <property>
      <name>hive.server2.keystore.path</name>
      <value>keystore-file-path</value>
      <description></description>
    </property>
    
    <property>
      <name>hive.server2.keystore.password</name>
      <value>keystore-file-password</value>
      <description></description>
    </property>
  4. On the client-side, specify SSL settings for Beeline or JDBC client as follows:jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<password>.