Connecting to Impala with TLS (SSL) Enabled
You can connect to the Impala data source with TLS/SSL network-level encryption to secure your data while working with your data source.
Impala's TLS configuration requires an x509 certificate that will identify the Impala daemon to clients during TLS connections. Production usage of TLS usually implies purchasing the necessary certificates from a commercial Certificate Authority (CA), while development environments can use self-signed certificates. If you have either a
from the trusted CA
in PEM format you can verify your Impala TLS configuration using the
For Zoomdata Server:
There is no particular configuration related to TLS on Zoomdata server’s side. However, the client must have a Java
with a correct certificate (for example, a root certificate provided by a CA) installed. To list all the certificates installed in the Java truststore, use the
Once you have the java truststore configured, enabling SSL from Zoomdata’s perspective is a matter of composing the correct JDBC URL.
Creating a JDBC URL with the TLS parameters
To specify the TLS-related parameters, use the following template for a JDBC URL:
ssl=trueis the required parameter for enabling TLS encryption
path_to_truststoreis the path to a Java truststore which contains either a certificate issued by a trusted CA or a self-signed certificate (not recommended and shouldn’t be used in a production environment)
truststore_passwordis the password to access the truststore
auth=noSaslis the required parameter when no authentication or simple user/password authentication is used
Using TLS ENCRYPTION along with KERBEROS authentication
Refer to Connecting to Impala on Kerberized CDH cluster article for more details on enabling Kerberos authentication. The template for a JDBC URL containing both TLS and Kerberos parameters is as follows:
auth=noSaslparameter when using Kerberos authentication.