Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Unable to connect using JDBC impala after enable TLS.

Labels:
avatar
author-rank paulo_klein
Explorer

Created on ‎12-05-2019 09:02 AM - last edited on ‎12-05-2019 09:31 AM by Community Manager Community Manager

Hello, 

I create a new cluster with relaxed security and disabled TLS on all services. I'm able to connect on Hive/Impala using JDBC Connection (Squirrel), with no user and password using this conection string: 

Impala: jdbc:impala://Impala_Daemon_Host:21050/default.

Impala: jdbc:hive2://Hive_Gateway_Host:10000/default

 

Now I activated TLS, and create a user on SO (newuser1). 

Now, I'm trying to connect using the same JDBC connection, and using the new user and password, with no sucess.

 

Any advice are welcome.

 

3,041 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-16-2019 12:49 PM

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

View solution in original post

2,988 Views
0 Kudos
4 REPLIES 4

avatar
author-rank paulo_klein
Explorer

Created ‎12-15-2019 01:58 PM

I'm not using Kerberos yet, Just the users that are created on SO.

Any advice are welcome.

3,014 Views
0 Kudos

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-15-2019 08:00 PM

You mentioned that you could connect to Impala without user and password. I suppose you didn't change the authentication mechanism but only enabled SSL for Impala service. Then what you need to do is to add SSL, SSLKeyStore and SSLKeyStorePwd into your JDBC connection string:

 

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=<keystore.jks>;SSLKeyStorePwd=<keystore_pwd>

 

You don't need UID and PWD unless you have to set AuthMech to 3 which is usually required when Impala uses LDAP authentication. 

3,005 Views
0 Kudos

avatar
author-rank paulo_klein
Explorer

Created ‎12-16-2019 05:56 AM

Hello @robbiez

Thanks for your attention. 

Yes, I didn't change the authentication mecanism, only enable SSL.

 

I supose I have to copy the files located at /var/lib/cloudera-scm-agent/agent-cert/ from Cloudera Host to my computer. So the connection string is:

jdbc:impala://Impala_Daemon_Host:21050/default;SSL=1;SSLKeyStore=C:\\agent-cert\\cm-auto-in_cluster_truststore.jks;SSLKeyStorePwd=C:\\agent-cert\\cm-auto-host_key.pw.

 

When I test the connection, shows the message:

Unexpected Error occurred attempting to open an SQL connection.
class java.security.UnrecoverableKeyException: Password verification failed

 

I'm using Squirrel to connect to impala. 

 

 

 

2,999 Views
0 Kudos

avatar
author-rank robbiez author-rank
Expert Contributor

Created ‎12-16-2019 12:49 PM

The error was "Password verification failed". You set SSLKeyStore to a truststore.jks file but it should be a keystore.jks file. Please change this property and try again.

2,989 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements