Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Unable to connect using JDBC impala after enable TLS.

avatar
Explorer

Hello, 

I create a new cluster with relaxed security and disabled TLS on all services. I'm able to connect on Hive/Impala using JDBC Connection (Squirrel), with no user and password using this conection string: 

Impala: jdbc:impala://Impala_Daemon_Host:21050/default.

Impala: jdbc:hive2://Hive_Gateway_Host:10000/default

 

Now I activated TLS, and create a user on SO (newuser1). 

Now, I'm trying to connect using the same JDBC connection, and using the new user and password, with no sucess.

 

Any advice are welcome.

 

1 ACCEPTED SOLUTION

avatar
Expert Contributor

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

View solution in original post

4 REPLIES 4

avatar
Explorer

I'm not using Kerberos yet, Just the users that are created on SO.

Any advice are welcome.

avatar
Expert Contributor

You mentioned that you could connect to Impala without user and password. I suppose you didn't change the authentication mechanism but only enabled SSL for Impala service. Then what you need to do is to add SSL, SSLKeyStore and SSLKeyStorePwd into your JDBC connection string:

 

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=<keystore.jks>;SSLKeyStorePwd=<keystore_pwd>

 

You don't need UID and PWD unless you have to set AuthMech to 3 which is usually required when Impala uses LDAP authentication. 

avatar
Explorer

Hello @robbiez

Thanks for your attention. 

Yes, I didn't change the authentication mecanism, only enable SSL.

 

I supose I have to copy the files located at /var/lib/cloudera-scm-agent/agent-cert/ from Cloudera Host to my computer. So the connection string is:

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=C:\\agent-cert\\cm-auto-in_cluster_truststore.jks;SSLKeyStorePwd=C:\\agent-cert\\cm-auto-host_key.pw.

 

When I test the connection, shows the message:

Unexpected Error occurred attempting to open an SQL connection.
class java.security.UnrecoverableKeyException: Password verification failed

 

I'm using Squirrel to connect to impala. 

 

 

 

avatar
Expert Contributor

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.