Configure Ranger Admin Database for SSL-Enabled MySQL (Ranger SSL)

When an SSL-enabled database is configured for use with Ranger, you must add certain configurations to Ranger

1. In Ambari>Ranger>Configs>Advanced>Custom admin-properties, add the following parameters:
   • db_ssl_enabled=True
   • db_ssl_required=True
   • db_ssl_verifyServerCertificate=True
   • javax_net_ssl_keyStore=/etc/ranger/admin/keystore
   • javax_net_ssl_keyStorePassword=ranger
   • javax_net_ssl_trustStore=/etc/ranger/admin/truststore
   • javax_net_ssl_trustStorePassword=ranger

   Change keystore and truststore file paths according to your environment.

   If certificate verification is not required, you can set value false in property db_ssl_verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.

2. In Ambari>Ranger>Configs>Advanced>Custom ranger-admin-site, add the following parameters:
   • ranger.db.ssl.enabled=true
   • ranger.db.ssl.required=true
   • ranger.db.ssl.verifyServerCertificate=true
   • ranger.keystore.file=/etc/ranger/admin/keystore
   • ranger.keystore.password=ranger

   Change keystore file path according to your environment.

   If certificate verification is not required, then you can set value false in property ranger.db.ssl.verifyServerCertificate. In this case, keystore and truststore file location need not to be valid and/or mandatory.

3. In Ambari>Ranger>Configs>Advanced>Advanced ranger-admin-site, add the following parameters:
   • ranger.truststore.file=/etc/ranger/admin/truststore
   • ranger.truststore.password=password
4. Install/restart Ranger.