Enable SSL on HiveServer2
You need to enable SSL on HiveServer by setting a few properties.
-
Log into the cluster as the
hive
user. Having hive user permissions when creating the Java keystore file sets up the properuser::group
ownership, which allows HiveServer to access the file and prevents HiveServer startup failure. -
Run the following command to create a keystore for hiveserver2:
keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hive.jks
. -
Edit the
hive-site.xml
, set the following properties to enable SSL:<property> <name>hive.server2.use.SSL</name> <value>true</value> <description></description> </property> <property> <name>hive.server2.keystore.path</name> <value>keystore-file-path</value> <description></description> </property> <property> <name>hive.server2.keystore.password</name> <value>keystore-file-password</value> <description></description> </property>
-
On the client-side, specify SSL settings for Beeline or JDBC client as
follows:
jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<password>
.