Enabling SSL Encryption for Impala

  1. Configure hive-site.xml with the following properties:
          <description>IP address or fully-qualified domain name, and port number, of the Hive metastore host
          <description>enable/disable SSL communication</description>
          <description>path to keystore file</description>
          <description>keystore password</description>
  2. Add both of the following flags to the Impala start-up options in /opt/mapr/impala/impala-<version>/conf/env.sh:
    Flag Description
    -ssl_server_certificate Full path to the server certificate on the local file system.
    -ssl_private_key Full path to the server private key on the local file system.

    For more information about configuring Impala start-up options, refer to Additional Impala Configuration Options.

    When you add the SSL flags to Impala start-up options, Impala listens for HiveServer2 on the SSL-secured ports. A client program usually has equivalent options to verify a connection to the correct server.

    After you enable SSL, you can issue the following options when you start the impala-shell:

    Option Description
    -ssl Enables SSL for the impala-shell.
    -ca_cert Local path name that points to the third-party CA certificate, or to a copy of the server certificate for self-signed server certificates. If --ca_cert is not set, impala-shell enables SSL, but does not validate the server certificate. This is useful for connecting to an Impala node that you know is only running over SSL when a copy of the certificate is not available.
For more information about the impala-shell, refer to Impala-Shell Commands.