Enabling SSL for AlwaysOn SQL
Communication between the driver and AlwaysOn SQL can be encrypted using SSL.
The following instructions give an example of how to set up SSL with a self-signed keystore and truststore.
Procedure
- Ensure client-to-node encryption is enabled and configured correctly.
- If the SSL keystore and truststore used for AlwaysOn SQL differ from the keystore and truststore configured in cassandra.yaml, add the required settings to enable SSL to the hive-site.xml configuration file.
  By default the SSL settings in cassandra.yaml will be used with AlwaysOn SQL.
  <property>
    <name>hive.server2.thrift.bind.host</name>
    <value><hostname></value>
  </property>
  <property>
    <name>hive.server2.use.SSL</name>
    <value>true</value>
  </property>
  <property>
    <name>hive.server2.keystore.path</name>
    <value><path to keystore>/keystore.jks</value>
  </property>
  <property>
    <name>hive.server2.keystore.password</name>
    <value><keystore password></value>
  </property>
- Start or restart the AlwaysOn SQL service.
  Changes in the hive-site.xml configuration file only require a restart of the AlwaysOn SQL service, not DSE.
  dse client-tool alwayson-sql start
- Test the connection with Beeline.
  dse beeline
  beeline> !connect jdbc:hive2://<hostname>:10000/default;ssl=true;sslTrustStore=<path to truststore>/truststore.jks;trustStorePassword=<truststore password>
The JDBC URL for the Simba JDBC Driver is:
jdbc:spark://<hostname>:10000/default;SSL=1;SSLTrustStore=<path to truststore>/truststore.jks;SSLTrustStorePwd=<truststore password>
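A pre-restart check for the hive-site.xml overrides in the procedure above, as an added example that is not DataStax code. It assumes the properties sit inside the usual <configuration> root and that a partial override (some of the SSL properties but not all) is a mistake; the sample files, host name, paths and password are constructed.

```python
import xml.etree.ElementTree as ET

# Property names are the ones in the hive-site.xml snippet on this page.
SSL_FLAG = "hive.server2.use.SSL"
KEYSTORE_KEYS = ("hive.server2.keystore.path", "hive.server2.keystore.password")

def audit_ssl(xml_text):
    """Return a list of problems with the SSL overrides; [] means none found."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A literal <hostname> or <keystore password> placeholder breaks the XML.
        return [f"not well-formed XML (unfilled <placeholder>?): {exc}"]
    props = {}
    for prop in root.iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    present = [k for k in (SSL_FLAG, *KEYSTORE_KEYS) if k in props]
    if not present:
        return []  # no overrides: the cassandra.yaml SSL settings apply
    findings = []
    if props.get(SSL_FLAG, "").lower() != "true":
        findings.append(f"{SSL_FLAG} is not set to true")
    for key in KEYSTORE_KEYS:
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    return findings

# Constructed sample files (host, paths and password are made up).
COMPLETE = """<configuration>
  <property><name>hive.server2.thrift.bind.host</name><value>node1.example.com</value></property>
  <property><name>hive.server2.use.SSL</name><value>true</value></property>
  <property><name>hive.server2.keystore.path</name><value>/etc/dse/keystore.jks</value></property>
  <property><name>hive.server2.keystore.password</name><value>changeit</value></property>
</configuration>"""
PARTIAL = """<configuration>
  <property><name>hive.server2.keystore.path</name><value>/etc/dse/keystore.jks</value></property>
</configuration>"""
UNFILLED = """<configuration>
  <property><name>hive.server2.thrift.bind.host</name><value><hostname></value></property>
</configuration>"""

if __name__ == "__main__":
    for label, doc in (("complete", COMPLETE), ("partial", PARTIAL), ("unfilled", UNFILLED)):
        print(label, audit_ssl(doc))
```

Because hive.server2.keystore.password is stored in clear text in hive-site.xml, restrict read access on that file to the account that runs DSE.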