Updated on 2025-08-05 GMT+08:00

How Can I Connect to a GeminiDB HBase Instance over TLS (SSL)?

Preparations

  1. Log in to the Huawei Cloud console.
  2. In the service list, choose Databases > GeminiDB.
  3. On the Instances page, click the instance name. The Basic Information page is displayed.
  4. In the DB Information area, turn on the SSL toggle, then click the download icon next to SSL to download the ca.cert file.

  5. Upload the ca.cert file to the ECS.
  6. Run the following command on the ECS to import the server certificate file into a truststore. The default certificate password is PASSWORD (the value passed to -storepass); you can replace PASSWORD in the command with a password of your own. The generated truststore file is used in the connection examples that follow.

    # Import ca.cert under the alias "hw" into truststore.jks, protected by the -storepass value.
    # A password given on the command line is kept in shell history and is visible in the process
    # list while the command runs; if -storepass is omitted, keytool prompts for the password instead.
    keytool -importcert -alias hw -file ca.cert -keystore truststore.jks -storepass PASSWORD

Establishing a TLS Connection Using HBase Shell

Add the following configuration items to the hbase-site.xml file on the client:

  • Set hbase.rpc.tls.truststore.location to the path of the truststore.jks file generated in step 6.
  • Set hbase.rpc.tls.truststore.password to the password set in step 6. The default password is PASSWORD.
<!-- Turn on TLS for the client's Netty RPC connections. -->
<property>
  <name>hbase.client.netty.tls.enabled</name>
  <value>true</value>
</property>
<!-- Path of the truststore.jks file that holds the imported ca.cert.
     A relative path such as this one depends on the directory the client is started from. -->
<property>
  <name>hbase.rpc.tls.truststore.location</name>
  <value>conf/truststore.jks</value>
</property>
<!-- Truststore password, i.e. the keytool -storepass value. It is stored here in clear text,
     so hbase-site.xml should be readable only by the account that runs the client. -->
<property>
  <name>hbase.rpc.tls.truststore.password</name>
  <value>PASSWORD</value>
</property>

Start HBase Shell to check whether the connection is successful.

Establishing a TLS Connection Using a Java Application

Modify the connection address and certificate file directory in the following Java code:

package com.huawei;
 
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptor;
import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.client.TableDescriptor;
import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.security.UserGroupInformation;

import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.HBASE_CLIENT_NETTY_TLS_ENABLED;
import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME;
import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.TLS_CONFIG_TRUSTSTORE_LOCATION;
import static org.apache.hadoop.hbase.io.crypto.tls.X509Util.TLS_CONFIG_TRUSTSTORE_PASSWORD;
 
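/**
 * Sample client that connects to an HBase-compatible endpoint over TLS and creates the table
 * {@code test} with the column families {@code cf1} to {@code cf5}.
 *
 * <p>The connection address, truststore path, truststore password and login values are
 * placeholders that must be replaced before the sample is run.
 */
public class ExampleTlsConnection
{
    /**
     * Builds the TLS client configuration, opens a connection as the configured user and
     * creates the sample table.
     *
     * @param args unused
     * @throws Throwable if the connection cannot be established or the table cannot be created
     *                   (for example because it already exists)
     */
    public static void main(String[] args) throws Throwable
    {
        Configuration conf = HBaseConfiguration.create();
        // todo: change connect address
        conf.set("hbase.zookeeper.quorum", "127.0.0.1");
        conf.set("hbase.zookeeper.property.clientPort", "2181");

        // todo: change those two strings.
        // NOTE(review): the truststore password is a literal only to keep the sample short. In an
        // application, load it from configuration or a secret store that is not committed with
        // the source code.
        String path = "/absolute/path/to/your/truststore.jks";
        String password = "your_truststore_pass_word";

        conf.setBoolean(HBASE_CLIENT_NETTY_TLS_ENABLED, true);
        // NOTE(review): hostname verification is turned off here, so the name in the server
        // certificate is not compared with the address being connected to and trust rests on the
        // truststore contents alone. Keep only the instance's CA certificate in that truststore,
        // and set this to true if the server certificate carries the address you connect with.
        conf.setBoolean(HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME, false);
        conf.set(TLS_CONFIG_TRUSTSTORE_LOCATION, path);
        conf.set(TLS_CONFIG_TRUSTSTORE_PASSWORD, password);

        // Supply the user name and password: the sample passes them as the proxy user name and
        // as the name of the remote (real) user respectively.
        UserGroupInformation ugi = UserGroupInformation.createProxyUser("your_user_name",
            UserGroupInformation.createRemoteUser("your_password"));

        // Admin is closeable as well, so it is opened in the same try-with-resources statement
        // as the connection and released before the connection is closed.
        try (Connection connection = ConnectionFactory.createConnection(conf, User.create(ugi));
             Admin admin = connection.getAdmin())
        {
            TableName tb = TableName.valueOf("test");

            List<ColumnFamilyDescriptor> cfs = new ArrayList<>();
            for (String family : new String[] {"cf1", "cf2", "cf3", "cf4", "cf5"})
            {
                // Encode with an explicit charset rather than the platform default.
                cfs.add(ColumnFamilyDescriptorBuilder.newBuilder(family.getBytes(StandardCharsets.UTF_8)).build());
            }

            TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tb).setColumnFamilies(cfs).build();

            admin.createTable(tableDescriptor);
        }
    }
}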