Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Enable SSL on HiveServer2

When using HiveServer2 without Kerberos authentication, you can enable SSL.

Perform the following steps on the HiveServer2.
  1. Run the following command to create a keystore for hiveserver2:: keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hbase.jks.
  2. Edit the hive-site.xml, set the following properties to enable SSL:
    <property>
      <name>hive.server2.use.SSL</name>
      <value>true</value>
      <description></description>
    </property>
     
    <property>
      <name>hive.server2.keystore.path</name>
      <value>keystore-file-path</value>
      <description></description>
    </property>
    
    <property>
      <name>hive.server2.keystore.password</name>
      <value>keystore-file-password</value>
      <description></description>
    </property>
    Note
    Note

    When hive.server2.transport.mode is binary and hive.server2.authentication is KERBEROS, SSL encryption does not currently work. Set hive.server2.thrift.sasl.qop to auth-conf to enable encryption

  3. On the client-side, specify SSL settings for Beeline or JDBC client as follows:jdbc:hive2://<host>:<port>/<database>;ssl=true;sslTrustStore=<path-to-truststore>;trustStorePassword=<password>.