Help Center/
GeminiDB/
GeminiDB HBase API/
Working with GeminiDB HBase API/
Instance Connection and Management/
How Can I Connect to a GeminiDB HBase Instance over TLS (SSL)?
Updated on 2025-08-05 GMT+08:00
How Can I Connect to a GeminiDB HBase Instance over TLS (SSL)?
Preparations
- Log in to the Huawei Cloud console.
- In the service list, choose Databases > GeminiDB.
- On the Instances page, click the instance name. The Basic Information page is displayed.
- In the DB Information area, toggle on
for SSL and click the download icon next to SSL to download the ca.cert file.
- Upload the ca.cert file to the ECS.
- Run the following command on the ECS to add the server certificate file to the truststore. The default certificate password is PASSWORD. You can change PASSWORD in the following command. The generated truststore file will be used in subsequent connection method examples.
keytool -importcert -alias hw -file ca.cert -keystore truststore.jks -storepass PASSWORD
Establishing a TLS Connection Using HBase Shell
Add the following configuration items to the hbase-site.xml file on the client:
- The value of hbase.rpc.tls.truststore.location is the path of the truststore.jks file generated in 6.
- Set hbase.rpc.tls.truststore.password to the password set in 6. The default password is PASSWORD.
<property> <name>hbase.client.netty.tls.enabled</name> <value>true</value> </property> <property> <name>hbase.rpc.tls.truststore.location</name> <value>conf/truststore.jks</value> </property> <property> <name>hbase.rpc.tls.truststore.password</name> <value>PASSWORD</value> </property>
Start HBase Shell to check whether the connection is successful.
Establishing a TLS Connection Using a Java Application
Modify the connection address and certificate file directory in the following Java code:
package com.huawei; import java.util.ArrayList; import java.util.List; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.TableName; import org.apache.hadoop.hbase.client.Admin; import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor; import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder; import org.apache.hadoop.hbase.client.Connection; import org.apache.hadoop.hbase.client.ConnectionFactory; import org.apache.hadoop.hbase.client.TableDescriptor; import org.apache.hadoop.hbase.client.TableDescriptorBuilder; import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.HBASE_CLIENT_NETTY_TLS_ENABLED; import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME; import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.TLS_CONFIG_TRUSTSTORE_LOCATION; import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.TLS_CONFIG_TRUSTSTORE_PASSWORD; public class ExampleTlsConnection { public static void main(String[] args) throws Throwable { Configuration conf = HBaseConfiguration.create(); // todo: change connect address conf.set("hbase.zookeeper.quorum", "127.0.0.1"); conf.set("hbase.zookeeper.property.clientPort", "2181"); // todo: change those two strings. String path = "/absolute/path/to/your/truststore.jks"; String password = "your_truststore_pass_word"; conf.setBoolean(HBASE_CLIENT_NETTY_TLS_ENABLED, true); conf.setBoolean(HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME, false); conf.set(TLS_CONFIG_TRUSTSTORE_LOCATION, path); conf.set(TLS_CONFIG_TRUSTSTORE_PASSWORD, password); // Enters a username and password. UserGroupInformation ugi = UserGroupInformation.createProxyUser("your_user_name", UserGroupInformation.createRemoteUser("your_password")); try (Connection connection = ConnectionFactory.createConnection(conf, User.create(ugi))) { Admin admin = connection.getAdmin(); TableName tb = TableName.valueOf("test"); List<ColumnFamilyDescriptor> cfs = new ArrayList<>(); cfs.add(ColumnFamilyDescriptorBuilder.newBuilder("cf1".getBytes()).build()); cfs.add(ColumnFamilyDescriptorBuilder.newBuilder("cf2".getBytes()).build()); cfs.add(ColumnFamilyDescriptorBuilder.newBuilder("cf3".getBytes()).build()); cfs.add(ColumnFamilyDescriptorBuilder.newBuilder("cf4".getBytes()).build()); cfs.add(ColumnFamilyDescriptorBuilder.newBuilder("cf5".getBytes()).build()); TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tb).setColumnFamilies(cfs).build(); admin.createTable(tableDescriptor); } } }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot