Accessing Clusters
Also available as:
PDF

Download SSL certificate

By default, the gateway has been configured with a self-signed certificate to protect the Hive endpoint via SSL. In order to use Hive via JDBC or Beeline client, you must download the SSL certificate from the gateway and add it to your truststore.

On Linux or OSX, you can download the self-signed SSL certificate by using the following commands:

export GATEWAY_HOST=IP_OF_GATEWAY_NODE
export GATEWAY_JKS_PASSWORD=GATEWAY_PASSWORD
openssl s_client -servername ${GATEWAY_HOST} -connect ${GATEWAY_HOST}:8443 -showcerts </dev/null | openssl x509 -outform PEM > gateway.pem
keytool -import -alias gateway-identity -file gateway.pem -keystore gateway.jks -storepass ${GATEWAY_JKS_PASSWORD}   

Where: GATEWAY_HOST - Set this to the IP address of the instance on which gateway is running (Ambari server node). GATEWAY_JKS_PASSWORD - Create a password for the truststore that will hold the self-signed certificate. The password must be at least 6 characters long.

For example:

export GATEWAY_HOST=2-52-86-252-73
export GATEWAY_JKS_PASSWORD=Hadoop123!
openssl s_client -servername ${GATEWAY_HOST} -connect ${GATEWAY_HOST}:8443 -showcerts </dev/null | openssl x509 -outform PEM > gateway.pem
keytool -import -alias gateway-identity -file gateway.pem -keystore gateway.jks -storepass ${GATEWAY_JKS_PASSWORD}   

After executing these commands, gateway.pem and gateway.jks files will be downloaded onto your computer to the location where you ran the commands.