Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Unable to connect using JDBC impala after enable TLS.

Labels:
avatar
author-rank paulo_klein
Explorer

Created on ‎12-05-2019 09:02 AM - last edited on ‎12-05-2019 09:31 AM by Community Manager Community Manager

Hello, 

I create a new cluster with relaxed security and disabled TLS on all services. I'm able to connect on Hive/Impala using JDBC Connection (Squirrel), with no user and password using this conection string: 

Impala: jdbc:impala://Impala_Daemon_Host:21050/default.

Impala: jdbc:hive2://Hive_Gateway_Host:10000/default

 

Now I activated TLS, and create a user on SO (newuser1). 

Now, I'm trying to connect using the same JDBC connection, and using the new user and password, with no sucess.

 

Any advice are welcome.

 

3,722 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-16-2019 12:49 PM

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

View solution in original post

3,669 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank paulo_klein
Explorer

Created ‎12-15-2019 01:58 PM

I'm not using Kerberos yet, Just the users that are created on SO.

Any advice are welcome.

3,695 Views
0 Kudos

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-15-2019 08:00 PM

You mentioned that you could connect to Impala without user and password. I suppose you didn't change the authentication mechanism but only enabled SSL for Impala service. Then what you need to do is to add SSL, SSLKeyStore and SSLKeyStorePwd into your JDBC connection string:

 

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=<keystore.jks>;SSLKeyStorePwd=<keystore_pwd>

 

You don't need UID and PWD unless you have to set AuthMech to 3 which is usually required when Impala uses LDAP authentication. 

3,686 Views
0 Kudos

avatar
author-rank paulo_klein
Explorer

Created ‎12-16-2019 05:56 AM

Hello @robbiez

Thanks for your attention. 

Yes, I didn't change the authentication mecanism, only enable SSL.

 

I supose I have to copy the files located at /var/lib/cloudera-scm-agent/agent-cert/ from Cloudera Host to my computer. So the connection string is:

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=C:\\agent-cert\\cm-auto-in_cluster_truststore.jks;SSLKeyStorePwd=C:\\agent-cert\\cm-auto-host_key.pw.

 

When I test the connection, shows the message:

Unexpected Error occurred attempting to open an SQL connection.
class java.security.UnrecoverableKeyException: Password verification failed

 

I'm using Squirrel to connect to impala. 

 

 

 

3,680 Views
0 Kudos

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-16-2019 12:49 PM

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

3,670 Views
0 Kudos
0
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements