MapR 5.0 Documentation : Enable SSL for Impala

Complete the following steps to configure SSL for Impala:

  1. Configure encryption in Hive. See Hive Encryption.

  2. Add the following start-up options for Impala Server to /opt/mapr/impala/impala-<version>/conf/env.sh:

    OptionDescription
    -ssl_server_certificateFull path to the server certificate on the local file system.
    -ssl_private_keyFull path to the server private key on the local file system.

For more information about configuring Impala start-up options, see Additional Impala Configuration Options.

When you add the SSL flags to Impala start-up options, Impala listens for HiveServer2 on the SSL-secured ports. A client program usually has equivalent options to verify a connection to the correct server.

After you enable SSL, you can issue the following options when you start the impala-shell:

OptionDescription
--sslEnables SSL for the impala-shell.
--ca_certLocal path name that points to the third-party CA certificate, or to a copy of the server certificate for self-signed server certificates. If --ca_cert is not set, impala-shell enables SSL, but does not validate the server certificate. This is useful for connecting to an Impala node that you know is only running over SSL when a copy of the certificate is not available.

For more information about the impala-shell, refer to Impala-Shell and Command Line Options.