Support Questions

abhay_kasturia · ‎09-07-2018

Hi,

I wanted to enable SSL for Hive server2 on our multi node cluster.

But we already have Kerberos authentication for hive.

Is there any way to enable SSL with Kerberos.

According to the document it says enable SSL only without Kerberos - https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch_wire-hiveserver2.htm...

Regards,

Abhay

Shelton · ‎09-07-2018

@Abhay Kasturia

What implementation if self-signed here are the steps for enabling HiveServer2 SSL

# Step 1 - Generate Key

keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey

# Step 2 - Create CA & upload the same into Trust Store.

openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert

# Step 3 - CA to singn the Certificate

keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed

The above commands are example extracted from Kafka documentation to generate self-signed certificates - is the same for any self-signed certificate generation then perform the same thing.

HTH

Support Questions

Enable SSL on Hive with Kerberos authentication ?