Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to configure HS2 SSL with kerberos

Labels (1)
Labels:
avatar
author-rank sshimpi
Super Guru

Created on ‎12-22-2016 05:38 AM

  1. Create the self signed certificate and add it to a keystore file using: 
 keytool -genkey -alias example.com -keyalg RSA -keystore keystore.jks -keysize 2048

2. List the keystore entries to verify that the certificate was added. Note that a keystore can contain multiple such certificates:

keytool -list -keystore keystore.jks

3. Export this certificate from keystore.jks to a certificate file:

keytool -export -alias example.com -file example.com.crt -keystore keystore.jks

4. Add this certificate to the client's truststore to establish trust:

keytool -import -trustcacerts -alias example.com -file example.com.crt -keystore truststore.jks

5. Verify that the certificate exists in truststore.jks:

keytool -list -keystore truststore.jks

6. Set hive.server2.thrift.sasl.qop=auth in HS2 configs

Then start HiveServer2, login with user->kinit->beeline and try to connect with beeline using:

!connect jdbc:hive2://<hs2_hostname>:10001/default;principal=<hive_principal>;transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=<truststore_file_path>;trustStorePassword=<truststore_password>
371 Views
Announcements
What's New @ Cloudera
Upgrade Your Spark Experience: Introducing CDS 3.5 for Cloud...
Community Announcements
June 2021 Community Highlights
Community Announcements
August 2025 Community Highlights
Community Announcements
July 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
View More Announcements
Version history
Last update:
‎12-22-2016 05:38 AM
Updated by:
Super Guru
Contributors