Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enable SSL on Hive with Kerberos authentication ?

Enable SSL on Hive with Kerberos authentication ?

New Contributor

Hi,

I wanted to enable SSL for Hive server2 on our multi node cluster.

But we already have Kerberos authentication for hive.

Is there any way to enable SSL with Kerberos.

According to the document it says enable SSL only without Kerberos - https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch_wire-hiveserver2.htm...

Regards,

Abhay

1 REPLY 1

Re: Enable SSL on Hive with Kerberos authentication ?

Mentor

@Abhay Kasturia

What implementation if self-signed here are the steps for enabling HiveServer2 SSL

# Step 1 - Generate Key

keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey 

# Step 2 - Create CA & upload the same into Trust Store.

openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert 

# Step 3 - CA to singn the Certificate

keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed

The above commands are example extracted from Kafka documentation to generate self-signed certificates - is the same for any self-signed certificate generation then perform the same thing.

HTH

Don't have an account?
Coming from Hortonworks? Activate your account here