Configuring SSL Verification

If you are connecting to an HBase server over the Apache Knox Gateway and the server has Secure Sockets Layer (SSL) enabled, you can configure the connector to connect to an SSL-enabled socket. When using SSL to connect to a server, the connector can be configured to verify the identity of the server.

You can set the connection properties described below in a connection string or in a DSN (in the odbc.ini file). Settings in the connection string take precedence over settings in the DSN.

To configure SSL verification:

  1. To enable SSL connections, set the SSL attribute to 1.
  2. To allow authentication using self-signed certificates that have not been added to the list of trusted certificates, set the AllowSelfSignedServerCert attribute to 1.
  3. To allow the common name of a CA-issued SSL certificate to not match the host name of the HBase server, set the AllowHostNameCNMismatch attribute to 1.
  4. Choose one:
    • To configure the connector to load SSL certificates from a specific .pem file when verifying the server, set the TrustedCerts attribute to the full path of the .pem file.
    • Or, to use the trusted CA certificates .pem file that is installed with the connector, do not specify a value for the TrustedCerts attribute.
  5. To specify the minimum version of TLS to use, set the Min_TLS property to the minimum version of TLS. Supported options include 1.0 for TLS 1.0, 1.1 for TLS 1.1, and 1.2 for TLS 1.2.