Hi,

We are not able to connect to impala from squirrel /workbench client using JDBC.

At the same time, We are able to successfully connect using ODBC driver.

There is no configuration issue from Kerberos side as we are able to fetch the data using ODBC.

We have installed

1) CDH 6.1 cluster

2) MIT Kerberos enabled

3) SSL enabled for Impala

4) Tested using the Impala JDBC driver version 2.5.45(ClouderaImpalaJDBC4_2.5.45)

     and 2.6.2 (impala_jdbc_2.6.2.1003)

We are getting the below error

[Simba][ImpalaJDBCDriver](500164) Error initialized or created transport for authentication: [Simba][ImpalaJDBCDriver](500169) Unable to connect to server: GSS initiate failed
Also, could not send response: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Connection strings:

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146.com;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;SSL=1;CAIssuedCertNamesMismatch=1;SocketTimeout=10;loglevel=6;logpath=d:\;TrustedCerts=D:\CA-Certs\\cacerts

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;ssl=1;CAIssuedCertNamesMismatch=1;loglevel=6;logpath=d:\CA-CERTS\;TrustedCerts="C:\Program Files (x86)\Java\jre1.8.0_201\lib\security\cacerts"

jdbc:impala://Loadbalancer.amazonaws.com:21050/default;AuthMech=1;KrbHostFQDN=master2-impala-146;KrbRealm=PRODIMPALA.COM;KrbServiceName=impala;ssl=1;

Different Options:

1) Imported the pem file into /jre/lib/security/cacerts

2) Copied the jssecacerts from impala node to client node

3) Tried connecting with jks file

4) Tried with both impala jdbc 4 & 4.1 driver.

Any help would be really appreciated.

Regards,

Balaji