Set up SSL with self-signed certificates
Use the following steps to create and verify self-signed SSL certificates for use with HiveServer2.
-
List the keystore entries to verify that the certificate was added. Note that a
keystore can contain multiple such certificates:
keytool -list -keystore keystore.jks
. -
Export this certificate from keystore.jks to a certificate file:
keytool -export -alias example.com -file example.com.crt -keystore keystore.jks
. -
Add this certificate to the client's truststore to establish trust:
keytool -import -trustcacerts -alias example.com -file example.com.crt -keystore truststore.jks
. -
Verify that the certificate exists in truststore.jks:
keytool -list -keystore truststore.jks
. -
Then start HiveServer2, and try to connect with beeline using:
jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<truststore-password>
.