Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Impala JDBC client fails to connect to kerberized & ssl enabled cluster

Highlighted

Impala JDBC client fails to connect to kerberized & ssl enabled cluster

New Contributor

Hi,

 

We are not able to connect to impala from squirrel /workbench client using JDBC.

At the same time, We are able to successfully connect using ODBC driver.

There is no configuration issue from Kerberos side as we are able to fetch the data using ODBC.

 

We have installed

1) CDH 6.1 cluster

2) MIT Kerberos enabled

3) SSL enabled for Impala

4) Tested using the Impala JDBC driver version 2.5.45(ClouderaImpalaJDBC4_2.5.45)

     and 2.6.2 (impala_jdbc_2.6.2.1003)

 

We are getting the below error

 

[Simba][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Simba][ImpalaJDBCDriver](500169) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

 

Connection strings:

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146.com;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;SSL=1;CAIssuedCertNamesMismatch=1;SocketTimeout=10;loglevel=6;logpath=d:\;TrustedCerts=D:\CA-Certs\\cacerts

 

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;ssl=1;CAIssuedCertNamesMismatch=1;loglevel=6;logpath=d:\CA-CERTS\;TrustedCerts="C:\Program Files (x86)\Java\jre1.8.0_201\lib\security\cacerts"

 

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;ssl=1;

 

Different Options:

 

1) Imported the pem file into /jre/lib/security/cacerts

2) Copied the jssecacerts from impala node to client node

3) Tried connecting with jks file

4) Tried with both impala jdbc 4 & 4.1 driver.

 

Any help would be really appreciated.

 

Regards,

Balaji

1 REPLY 1

Re: Impala JDBC client fails to connect to kerberized & ssl enabled cluster

New Contributor

I am having the same problem, were you able to resolve this ? If so can you share your experience

Don't have an account?
Coming from Hortonworks? Activate your account here