Enabling SSL Encryption for Impala

<property>
  <name>hive.metastore.uris</name>
    <value>thrift://<hive_metastore_host>:9083</value>
      <description>IP address or fully-qualified domain name, and port number, of the Hive metastore host
</description>
      </property>
<property>
<property>
  <name>hive.server2.use.SSL</name>
    <value>true</value>
      <description>enable/disable SSL communication</description>
      </property>
<property>
  <name>hive.server2.keystore.path</name>
    <value>/opt/mapr/conf/ssl_keystore</value>
      <description>path to keystore file</description>
</property>
<property>
  <name>hive.server2.keystore.password</name>
    <value>mapr123</value>
      <description>keystore password</description>
</property>

Flag	Description
-ssl_server_certificate	Full path to the server certificate on the local file system.
-ssl_private_key	Full path to the server private key on the local file system.

For more information about configuring Impala start-up options, refer to Additional Impala Configuration Options.

When you add the SSL flags to Impala start-up options, Impala listens for HiveServer2 on the SSL-secured ports. A client program usually has equivalent options to verify a connection to the correct server.

After you enable SSL, you can issue the following options when you start the impala-shell:

Option	Description
-ssl	Enables SSL for the impala-shell.
-ca_cert	Local path name that points to the third-party CA certificate, or to a copy of the server certificate for self-signed server certificates. If --ca_cert is not set, impala-shell enables SSL, but does not validate the server certificate. This is useful for connecting to an Impala node that you know is only running over SSL when a copy of the certificate is not available.