Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Unable to connect using JDBC impala after enable TLS.

Unable to connect using JDBC impala after enable TLS.

New Contributor

Hello, 

I create a new cluster with relaxed security and disabled TLS on all services. I'm able to connect on Hive/Impala using JDBC Connection (Squirrel), with no user and password using this conection string: 

Impala: jdbc:impala://Impala_Daemon_Host:21050/default.

Impala: jdbc:hive2://Hive_Gateway_Host:10000/default

 

Now I activated TLS, and create a user on SO (newuser1). 

Now, I'm trying to connect using the same JDBC connection, and using the new user and password, with no sucess.

 

Any advice are welcome.

 

4 REPLIES 4
Highlighted

Re: Unable to connect using JDBC impala after enable TLS.

New Contributor

I'm not using Kerberos yet, Just the users that are created on SO.

Any advice are welcome.

Highlighted

Re: Unable to connect using JDBC impala after enable TLS.

Cloudera Employee

You mentioned that you could connect to Impala without user and password. I suppose you didn't change the authentication mechanism but only enabled SSL for Impala service. Then what you need to do is to add SSL, SSLKeyStore and SSLKeyStorePwd into your JDBC connection string:

 

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=<keystore.jks>;SSLKeyStorePwd=<keystore_pwd>

 

You don't need UID and PWD unless you have to set AuthMech to 3 which is usually required when Impala uses LDAP authentication. 

Highlighted

Re: Unable to connect using JDBC impala after enable TLS.

New Contributor

Hello @robbiez

Thanks for your attention. 

Yes, I didn't change the authentication mecanism, only enable SSL.

 

I supose I have to copy the files located at /var/lib/cloudera-scm-agent/agent-cert/ from Cloudera Host to my computer. So the connection string is:

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=C:\\agent-cert\\cm-auto-in_cluster_truststore.jks;SSLKeyStorePwd=C:\\agent-cert\\cm-auto-host_key.pw.

 

When I test the connection, shows the message:

Unexpected Error occurred attempting to open an SQL connection.
class java.security.UnrecoverableKeyException: Password verification failed

 

I'm using Squirrel to connect to impala. 

 

 

 

Highlighted

Re: Unable to connect using JDBC impala after enable TLS.

Cloudera Employee

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

Don't have an account?
Coming from Hortonworks? Activate your account here