Enabling SSL for AlwaysOn SQL

Communication with the AlwaysOn SQL can be encrypted using SSL.

1. Ensure client-to-node encryption is enabled and configured correctly.
2. Optional: If the SSL keystore and truststore used for AlwaysOn SQL differ from the keystore and truststore configured in cassandra.yaml, add the required settings to enable SSL to the hive-site.xml configuration file.
   Note: By default the SSL settings in cassandra.yaml will be used with AlwaysOn SQL.

       <property>
           <name>hive.server2.thrift.bind.host</name>
           <value>hostname</value>
       </property>
       <property>
           <name>hive.server2.use.SSL</name>
           <value>true</value>
       </property>
       <property>
           <name>hive.server2.keystore.path</name>
           <value>path to keystore/keystore.jks</value>
       </property>
       <property>
           <name>hive.server2.keystore.password</name>
           <value>keystore password</value>
       </property>

3. Start or restart the AlwaysOn SQL service.
   Note: Changes in the hive-site.xml configuration file only require a restart of AlwaysOn SQL service, not DSE.

   dse client-tool alwayson-sql start

4. Test the connection with Beeline.

   dse beeline

   beeline> !connect jdbc:hive2://hostname:10000/default;ssl=true;sslTrustStore=path to truststore/truststore.jks;trustStorePassword=truststore password

   Note: The JDBC URL for the Simba JDBC Driver is:

   jdbc:spark://hostname:10000/default;SSL=1;SSLTrustStore=path to truststore/truststore.jks;SSLTrustStorePwd=truststore password