If you are using a CA signed certificate for your LDAP authentication, the certificate should already be included in the default Java trustStore located at $JAVA_HOME/jre/lib/security/cacerts on all of your nodes, or at least on the NameNode and Ranger Admin/Usersync nodes.

There is no need to manually restart Ranger or perform any keytool imports.

If necessary you can import the CA cert to $JAVA_HOME/jre/lib/security/cacerts. If you are using a self-signed cert you can use the keytool to import it into $JAVA_HOME/jre/lib/security/cacerts.

Edit /usr/hdp/current/ranger-usersync/ranger-usersync-services.sh.

Add java option > -Djavax.net.ssl.trustStore=/<path to the cacert>.

Edit /usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh.

Add parameter -Djavax.net.ssl.trustStore=/<path to the cacert> to the Java call in the script.