nmukerje/hive_ssl

## hive_ssl
>> Created the key

keytool -genkey -alias hiveserver2 -keyalg RSA -keystore /tmp/hs2keystore.jks -keysize 2048

Enter keystore password: XXXXXXXX
Re-enter new password: XXXXXXXX
What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  myorg
What is the name of your organization?
  [Unknown]:  myorg
What is the name of your City or Locality?
  [Unknown]:  Herndon
What is the name of your State or Province?
  [Unknown]:  VA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=localhost, OU=myorg, O=myorg, L=Herndon, ST=VA, C=US correct?
  [no]:  yes

Enter key password for <hiveserver2>
	(RETURN if same as keystore password):

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/hs5keystore.jks -destkeystore /tmp/hs5keystore.jks -deststoretype pkcs12".


>> Later exported the certificate

keytool -export -alias hiveserver2 -file hiveserver2.crt -keystore /tmp/hs2keystore.jks.


>> Imported above certificated into truststore

keytool -import -trustcacerts -alias hiveserver2 -file hiveserver2.crt -keystore /tmp/truststore.jks

Edited /etc/hive/conf/hive-site.xml

<property>
  <name>hive.server2.use.SSL</name>
  <value>true</value>
</property>

<property>
  <name>hive.server2.keystore.path</name>
  <value>/tmp/hs2keystore.jks</value>
</property>

<property>
  <name>hive.server2.keystore.password</name>
  <value>xxxxxx</value>
</property>

>> Restarted the hive servers,
sudo stop hive-server2
sudo stop hive-hcatalog-server
sudo start hive-hcatalog-server
sudo start hive-server2

>> Invoked beeline
>> beeline
>> beeline> !connect jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/tmp/truststore.jks;trustStorePassword=XXXXXX
Connecting to jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/tmp/truststore.jks;trustStorePassword=1234567
Enter username for jdbc:hive2://localhost:10000/default: hive
Enter password for jdbc:hive2://localhost:10000/default: ****************.
Connected to: Apache Hive (version 2.3.2-amzn-2)
Driver: Hive JDBC (version 2.3.2-amzn-2)
	>> Created the key

	keytool -genkey -alias hiveserver2 -keyalg RSA -keystore /tmp/hs2keystore.jks -keysize 2048

	Enter keystore password: XXXXXXXX
	Re-enter new password: XXXXXXXX
	What is your first and last name?
	[Unknown]: localhost
	What is the name of your organizational unit?
	[Unknown]: myorg
	What is the name of your organization?
	[Unknown]: myorg
	What is the name of your City or Locality?
	[Unknown]: Herndon
	What is the name of your State or Province?
	[Unknown]: VA
	What is the two-letter country code for this unit?
	[Unknown]: US
	Is CN=localhost, OU=myorg, O=myorg, L=Herndon, ST=VA, C=US correct?
	[no]: yes

	Enter key password for <hiveserver2>
	(RETURN if same as keystore password):

	Warning:
	The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/hs5keystore.jks -destkeystore /tmp/hs5keystore.jks -deststoretype pkcs12".


	>> Later exported the certificate

	keytool -export -alias hiveserver2 -file hiveserver2.crt -keystore /tmp/hs2keystore.jks.


	>> Imported above certificated into truststore

	keytool -import -trustcacerts -alias hiveserver2 -file hiveserver2.crt -keystore /tmp/truststore.jks

	Edited /etc/hive/conf/hive-site.xml

	<property>
	<name>hive.server2.use.SSL</name>
	<value>true</value>
	</property>

	<property>
	<name>hive.server2.keystore.path</name>
	<value>/tmp/hs2keystore.jks</value>
	</property>

	<property>
	<name>hive.server2.keystore.password</name>
	<value>xxxxxx</value>
	</property>

	>> Restarted the hive servers,
	sudo stop hive-server2
	sudo stop hive-hcatalog-server
	sudo start hive-hcatalog-server
	sudo start hive-server2

	>> Invoked beeline
	>> beeline
	>> beeline> !connect jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/tmp/truststore.jks;trustStorePassword=XXXXXX
	Connecting to jdbc:hive2://localhost:10000/default;ssl=true;sslTrustStore=/tmp/truststore.jks;trustStorePassword=1234567
	Enter username for jdbc:hive2://localhost:10000/default: hive
	Enter password for jdbc:hive2://localhost:10000/default: ****************.
	Connected to: Apache Hive (version 2.3.2-amzn-2)
	Driver: Hive JDBC (version 2.3.2-amzn-2)