Configuring Hive to connect to TLS 1.2/TCPS-enabled databases
If you have enabled TLS on your database, then learn how to update the Hive Database JDBC URL Override property to connect to the secure databases.
- Go to Cloudera Manager > Hive > Configuration > Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml.
-
Configure the
javax.jdo.option.ConnectionURLproperty with values depending on the database type.- MySQL
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2 - PostgreSQL
jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2 - MariaDB
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2 - Oracle TCPS
jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE-PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE-PASSWORD***]&oracle.net.ssl_server_dn_match=false
Where,[***DB-HOST***],[***DB-PORT***], and[***DB-NAME***]represent the Host, Port, and Database name used for the Hive Metastore service.[***TRUSTSTORE-PATH***]represents the path to the Java truststore file.[***TRUSTSTORE-PASSWORD***]represents the password used to access the Java truststore file.
- MySQL
- Click Save Changes.
