Configuring Hive to connect to TLS 1.2/TCPS-enabled databases

If you have enabled TLS on your database, then learn how to update the Hive Database JDBC URL Override property to connect to the secure databases.

  1. Go to Cloudera Manager > Hive > Configuration > Hive Metastore Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml.
  2. Configure the javax.jdo.option.ConnectionURL property with values depending on the database type.
    • MySQL
      jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    • PostgreSQL
      jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    • MariaDB
      jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE-PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE-PASSWORD***]&enabledTLSProtocols=TLSv1.2
    • Oracle TCPS
      jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]/[***DB-NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE-PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE-PASSWORD***]&oracle.net.ssl_server_dn_match=false
    Where,
    • [***DB-HOST***], [***DB-PORT***], and [***DB-NAME***] represent the Host, Port, and Database name used for the Hive Metastore service.
    • [***TRUSTSTORE-PATH***] represents the path to the Java truststore file.
    • [***TRUSTSTORE-PASSWORD***] represents the password used to access the Java truststore file.
  3. Click Save Changes.