Configuring Encryption for ODBC Connection

Explains how to configure SSL encryption between ODBC connection to Hiveserver2 on non-secure cluster.

Hive uses cyrus-sasl-plain package for ODBC connection.

  1. Generate ssl_keystore/ssl_truststore by running the following command: 
    sudo bash /opt/mapr/server/manageSSLKeys.sh create -ug mapr:mapr
    Important: Make a note of the CN=HOST_NAME parameter in the output.
  2. Configure SSL for Hive as described in Configure Encryption without Authentication.
  3. Generate the .pem file. To generate:
    1. Verify that ssl_keystore and ssl_truststore are present on the system. 
      cd /opt/mapr/conf                     
ll *ssl*store*
      If ssl_keystore and ssl_truststore are not present, then generate them.
    2. Generate .pem file using <ssl-keystore-password> password. 
      keytool -importkeystore -srckeystore ssl_keystore -destkeystore ssl_keystore.p12 -srcstoretype jks -deststoretype pkcs12
    3. Verify that the ssl_keystore.p12 and ssl_keystore.pem files are created.
      For example:
      openssl pkcs12 -in ssl_keystore.p12 -out ssl_keystore.pem 
openssl x509 -text -in ssl_keystore.pem
  4. Configure SSL for ODBC driver by making the following changes in the /etc/odbc.ini, /etc/odbcinst.ini, and /etc/mapr.hiveodbc.init files. That is, in the:
    • /etc/odbc.ini file:
      1. Replace <HOST_NAME> with the host name.
      2. Set the value for TrustedCerts to path to ssl_keystore.pem file.
      3. Add the following to the file:
        [ODBC Data Sources]
Sample MapR Hive DSN=Hive Hive ODBC Driver 64-bit
[Hive]
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so
HOST=<HOST_NAME>
PORT=10000
SSL=1
CAIssuedCertNamesMismatch=1
TrustedCerts=/opt/mapr/conf/ssl_keystore.pem
AuthMech=4
    • /etc/odbcinst.ini file, add the following: 
      [ODBC Drivers]
Mapr Hive ODBC Driver=Installed
[Mapr Hive ODBC Driver 64-bit]
Description=Mapr Hive ODBC Driver (64-bit)
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so
    • etc/mapr.hiveodbc.ini file, add the following: 
      [Driver]
ErrorMessagesPath=/opt/mapr/hiveodbc/ErrorMessages/
LogLevel=0
LogPath=
SwapFilePath=/tmp

Sample /etc/odbc.ini file

[ODBC Data Sources] 
Sample MapR Hive DSN=Hive Hive ODBC Driver 64-bit 
[Hive] 
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so 
HOST=<HOST_NAME> 
PORT=10000 
SSL=1 
CAIssuedCertNamesMismatch=1 
TrustedCerts=/opt/mapr/conf/ssl_keystore.pem 
AuthMech=4

Sample /etc/odbcinst.ini file

[ODBC Drivers] 
Mapr Hive ODBC Driver=Installed 
[Mapr Hive ODBC Driver 64-bit] 
Description=Mapr Hive ODBC Driver (64-bit) 
Driver=/opt/mapr/hiveodbc/lib/64/libmaprhiveodbc64.so

Sample /etc/mapr.hiveodbc.ini file

[Driver] 
ErrorMessagesPath=/opt/mapr/hiveodbc/ErrorMessages/ 
LogLevel=0 
LogPath= 
SwapFilePath=/tmp
Parent topic: Using ODBC to Connect to HiveServer2