Configure Ranger KMS Database for SSL-enabled MySQL
When an SSL-enabled database is configured for use with Ranger KMS, you must add certain configurations to Ranger. This topic explains how to configure the Ranger KMS database for SSL-enabled MySQL when setting up Ambari Ranger SSL using public CA certificates.
- In Ambari > Ranger KMS > Configs > Advanced > Custom kms-properties, add the following parameters:
db_ssl_enabled=True
db_ssl_required=True
db_ssl_verifyServerCertificate=True
javax_net_ssl_keyStore=/etc/ranger/admin/keystore
javax_net_ssl_keyStorePassword=ranger
javax_net_ssl_trustStore=/etc/ranger/admin/truststore
javax_net_ssl_trustStorePassword=ranger
Change keystore and truststore file paths according to your environment.
If certificate verification is not required, you can set the property db_ssl_verifyServerCertificate to false. In this case, the keystore and truststore file locations are not mandatory and need not be valid.
- In Ambari > Ranger KMS > Configs > Advanced > Custom dbks-site, add the following parameters:
ranger.ks.db.ssl.enabled=true
ranger.ks.db.ssl.required=true
ranger.ks.db.ssl.verifyServerCertificate=true
ranger.ks.keystore.file=/etc/ranger/admin/keystore
ranger.ks.keystore.password=ranger
ranger.ks.truststore.file=/etc/ranger/admin/truststore
ranger.ks.truststore.password=password
Change keystore file path according to your environment.
If certificate verification is not required, you can set the property ranger.db.ssl.verifyServerCertificate to false. In this case, the keystore and truststore file locations are not mandatory and need not be valid.
- Install/restart Ranger KMS.
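The two property sets above describe the same database connection, so they can be cross-checked before the restart. The following is an added example, not part of the original page or of Ranger: it assumes the kms-properties and dbks-site keys pair up as their names suggest, and the names PAIRS, parse_props and audit are hypothetical.

```python
# Added example (not Ranger code). The pairing of kms-properties keys with
# dbks-site keys is inferred from their names and is an assumption.
PAIRS = {
    "db_ssl_enabled": "ranger.ks.db.ssl.enabled",
    "db_ssl_required": "ranger.ks.db.ssl.required",
    "db_ssl_verifyServerCertificate": "ranger.ks.db.ssl.verifyServerCertificate",
    "javax_net_ssl_keyStore": "ranger.ks.keystore.file",
    "javax_net_ssl_keyStorePassword": "ranger.ks.keystore.password",
    "javax_net_ssl_trustStore": "ranger.ks.truststore.file",
    "javax_net_ssl_trustStorePassword": "ranger.ks.truststore.password",
}
# Constructed sample input: the values shown in the two steps above.
KMS_PROPERTIES = """db_ssl_enabled=True
db_ssl_required=True
db_ssl_verifyServerCertificate=True
javax_net_ssl_keyStore=/etc/ranger/admin/keystore
javax_net_ssl_keyStorePassword=ranger
javax_net_ssl_trustStore=/etc/ranger/admin/truststore
javax_net_ssl_trustStorePassword=ranger"""
DBKS_SITE = """ranger.ks.db.ssl.enabled=true
ranger.ks.db.ssl.required=true
ranger.ks.db.ssl.verifyServerCertificate=true
ranger.ks.keystore.file=/etc/ranger/admin/keystore
ranger.ks.keystore.password=ranger
ranger.ks.truststore.file=/etc/ranger/admin/truststore
ranger.ks.truststore.password=password"""

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(kms_text, dbks_text):
    """Return (kind, detail) findings; details name keys, never values."""
    kms, dbks = parse_props(kms_text), parse_props(dbks_text)
    findings = []
    for kms_key, dbks_key in PAIRS.items():
        a, b = kms.get(kms_key), dbks.get(dbks_key)
        if a is None or b is None:
            findings.append(("missing", kms_key if a is None else dbks_key))
            continue
        if kms_key.startswith("db_ssl_"):  # boolean TLS switches
            a, b = a.lower(), b.lower()    # the page writes both True and true
            findings += [("tls-weakened", k)
                         for k, v in ((kms_key, a), (dbks_key, b)) if v != "true"]
        if a != b:
            findings.append(("mismatch", f"{kms_key} != {dbks_key}"))
    return findings
```

Calling audit(KMS_PROPERTIES, DBKS_SITE) on the sample values reports one mismatch: the two truststore passwords differ although both entries point at the same truststore file.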