Enable SSL for Impala
Impala 2.5.0 supports SSL encryption for internal Impala connections.
Complete the following steps to configure SSL for Impala:
- Configure encryption in Hive. See Hive Encryption.
- Configure client-server encryption only or configure client-server and Impala internal
encryption.
- To configure client-server encryption only, add the following start-up options
for the Impala Server to
/opt/mapr/impala/impala-<version>/conf/env.sh
:-ssl_server_certificate
- Full path to the server certificate on the local file system.
-ssl_private_key
- Full path to the server private key on the local file system.
- To configure client-server and Impala internal encryption, add the following
start-up options for the Impala server, catalog, and statestore to
/opt/mapr/impala/impala-<version>/conf/env.sh
:-ssl_server_certificate
- Full path to the server certificate on the local file system.
-ssl_private_key
- Full path to the server private key on the local file system.
-ssl_client_ca_certificate
- Full path to the certificate on the local file system required for client/server encryption.
- To configure client-server encryption only, add the following start-up options
for the Impala Server to
NOTE: When you add the SSL flags to Impala start-up options, Impala listens for HiveServer2 on
the SSL-secured ports. A client program usually has equivalent options to verify a
connection to the correct server.
After you enable SSL, you can issue the following options when you start the impala-shell:
Option | Description |
|
Enables SSL for the impala-shell. |
|
Local path name that points to the third-party CA certificate, or to a copy of the server certificate for self-signed server certificates. If --ca_cert is not set, impala-shell enables SSL, but does not validate the server certificate. This is useful for connecting to an Impala node that you know is only running over SSL when a copy of the certificate is not available. |
For more information about the impala-shell, refer to Impala-Shell Commands.
For more information about configuring Impala start-up options, see Additional Impala Configuration Options.