How to configure Ranger Admin, when setting up non-Ambari Ranger SSL using Public CA
certificates.
- Stop Ranger Admin:
ranger-admin stop
. - Open the
ranger-admin-site.xml
file in a text editor: vi
/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml
. - Update
ranger-admin-site.xml
as follows:
-
Add or update the following properties with the values shown below:
<property>
<name>ranger.service.https.attrib.clientAuth</name>
<value>want</value>
</property>
<property>
<name>ranger.service.https.attrib.client.auth</name>
<value>want</value>
</property>
<property>
<name>ranger.https.attrib.keystore.file</name>
<value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
</property>
<property>
<name>ranger.service.https.attrib.keystore.file</name>
<value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
</property>
- Save the changes to
ranger-admin-site.xml
, then use the following command to
start Ranger Admin: ranger-admin start
.