KNOWLEDGE BASE

Error "SSL_connect: certificate verify failed" Connecting to Cloudera Hadoop


Published: 23 May 2016
Last Modified Date: 24 Jan 2018

Issue

When connecting to a Cloudera Hadoop Hive or Impala server from Tableau Desktop, one of the following errors may occur:
[Cloudera][ImpalaODBC] (100) Error from the Impala Thrift API:SSL_connect: certificate verify failed
or
[Cloudera][Hardy] (34) Error from server: SSL_connect: certificate verify failed. 

Or when connecting from Tableau Server, this error may occur:
Unable to connect to the data source.
Try connecting again. If the problem persists, disconnect from the data source and contact the data source owner.
Unable to connect to the ODBC Data Source. Check that the necessary drivers are installed and that the connection proprties are valid.
[Cloudera][ImpalaODBC] (100) Error form the Impala Thrift API: SSL_CTX_load_verify_locations: error code: 0
Unable to connect to the server <name>. Check that the server is running and that you have access privileges to the requested database.

Environment

  • Tableau Desktop 
  • Tableau Server
  • Cloudera Hadoop Hive or Impala

Resolution

Work with your local IT to try one of the options below:

Option 1:

Install the Impala SSL certificate in the root certificate using the Windows certificate manager (certmgr.msc) or via group policy.

Option 2:

  1. Save a copy of the .pem certificate from the Impala server to the computer running Tableau Desktop. 
  2. Download and edit the TDC file to specify the file path to the trusted certificates (double quotation marks not required), and then add the .tdc file to:
    1. (Tableau Desktop): The My Tableau Repository\Datasources folder.
    2. (Tableau Server for Windows): In the Tableau Server data directory under tabsvc\vizqlserver\Datasources. The default path is C:\ProgramData\Tableau\Tableau Server\data\tabsvc\vizqlserver\Datasources
    3. (Tableau Server for Linux): In the Tableau Server data directory under tabsvc/vizqlserver/Datasources. The default path is /var/opt/tableau/tableau_server/data/tabsvc/vizqlserver/Datasources/

Option 3:

Overwrite the cacerts.pem file that was installed with the ODBC drivers with the self signed certificate created for the database server. Examples of possible locations for the file: 
C:\Program Files (x86)\Cloudera ODBC Driver for Impala\lib
C:\Program Files\Cloudera ODBC Driver for Apache Hive\lib 

 

Cause

Tableau Desktop or Tableau Server is unable to reach the SSL certificate. 

Additional Information

For any changes to Tableau Server, changes must be applied to all nodes using processes that make data source connections (Backgrounder, Data Server, Vizportal, VizQL Server).
When using Option 2 on Tableau Server, the TDC file must be an exact match to its counterpart on Tableau Desktop: the same drive letter, file path, and name for the .PEM file.
 
Did this article resolve the issue?