Connecting to CDH 5.16 Hive SSL/TLS/Kerberos Setup

The Cloudera Hive JDBC drivers used

JDBC Connection String used


What Does each option mean

Base connection string = jdbc:hive2://

Authentication identifier = AuthMech=1 (which states Kerberos)

Kerberos Hive Server FQDN =

Kerberos Realm used = KrbRealm=CW.COM (Not necessarily needed)

Kerberos Service name = KrbServiceName=hive

Enabling SSL = SSL=1

The SSL KeyStore to be used to = SSLKeyStore=/opt/cloudera/security/pki/ (Could use SSLTrustStore also)

Allow for Self Signed certifications to be OK = AllowSelfSignedCerts=1 (our environment used self signed certs)

Password to the KeyStore = SSLKeyStorePwd=password (Not necessarily needed)

Kerberos Principal to use to Authenticate with = principal=hive/

Within the Owl Web UI you have to specify the following (See ScreenShot below)

HS2Driver Connection for Owl using HS2 SSL/TLS/Kerberos

Name = hivessl

Connection URL = jdbc:hive2://;AuthMech=1;;KrbRealm=CW.COM;KrbServiceName=hive;SSL=1;SSLKeyStore=/opt/cloudera/security/pki/;AllowSelfSignedCerts=1;SSLKeyStorePwd=password;principal=hive/

Port = 10000

Driver Name = com.cloudera.hive.jdbc4.HS2Driver

Username = userspark@CW.COM

Password = password