Configuring Hive to connect to TLS 1.2/TCPS-enabled databases
If you have enabled TLS on your database, then learn how to update the Hive Database JDBC URL Override property to connect to the secure databases.
- Go to Cloudera Manager > Hive > Configuration > Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml.
-
Configure the
javax.jdo.option.ConnectionURL
property with values depending on the database type.- MySQL
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- PostgreSQL
jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- MariaDB
jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
- Oracle TCPS
jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE-PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE-PASSWORD***]&oracle.net.ssl_server_dn_match=false
Where,[***DB-HOST***]
,[***DB-PORT***]
, and[***DB-NAME***]
represent the Host, Port, and Database name used for the Hive Metastore service.[***TRUSTSTORE-PATH***]
represents the path to the Java truststore file.[***TRUSTSTORE-PASSWORD***]
represents the password used to access the Java truststore file.
- MySQL
- Click Save Changes.