Enabling SSL for the Apache Spark™ SQL Thrift Server

Communication between the JDBC driver and Spark SQL Thrift Server can be encrypted using SSL.

The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.

Where is the hive-site.xml file?

The location of the hive-site.xml file depends on the type of installation:

Installation Type Location

Package installations + Installer-Services installations


Tarball installations + Installer-No Services installations



  1. Create the keystore and truststore using the keytool command.

  2. Add the required settings to enable SSL to the hive-site.xml configuration file.

            <value>path to keystore/keystore.jks</value>
            <value>keystore password</value>
  3. Start or restart the Spark SQL Thrift server.

    Changes in the hive-site.xml configuration file only require a restart of Spark SQL Thriftserver service, not DSE.

    dse spark-sql-thriftserver start
  4. Test the connection with Beeline.

    dse beeline
    beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password

    The JDBC URL for the Simba JDBC Driver is:

    jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com