Configuring Wire Encryption

Configure Ranger KMS Database for SSL-enabled MySQL

When an SSL-enabled database is configured for use with Ranger KMS, you must add certain configurations to Ranger. This section explains how to configure the Ranger KMS database for SSL-enabled MySQL when setting up Ambari Ranger SSL using public CA certificates.

  1. In Ambari > Ranger KMS > Configs > Advanced > Custom kms-properties, add the following parameters:
    • db_ssl_enabled=True
    • db_ssl_required=True
    • db_ssl_verifyServerCertificate=True
    • javax_net_ssl_keyStore=/etc/ranger/admin/keystore
    • javax_net_ssl_keyStorePassword=ranger
    • javax_net_ssl_trustStore=/etc/ranger/admin/truststore
    • javax_net_ssl_trustStorePassword=ranger

    Change the keystore and truststore file paths according to your environment.

    If certificate verification is not required, you can set the db_ssl_verifyServerCertificate property to false. In this case, the keystore and truststore file locations are not mandatory and do not need to be valid. The connection is then still encrypted, but the MySQL server's certificate is not checked against the truststore.

  2. In Ambari > Ranger KMS > Configs > Advanced > Custom dbks-site, add the following parameters:
    • ranger.ks.db.ssl.enabled=true
    • ranger.ks.db.ssl.required=true
    • ranger.ks.db.ssl.verifyServerCertificate=true
    • ranger.ks.keystore.file=/etc/ranger/admin/keystore
    • ranger.ks.keystore.password=ranger
    • ranger.ks.truststore.file=/etc/ranger/admin/truststore
    • ranger.ks.truststore.password=password

    Change the keystore file path according to your environment.

    If certificate verification is not required, you can set the ranger.ks.db.ssl.verifyServerCertificate property to false. In this case, the keystore and truststore file locations are not mandatory and do not need to be valid.

  3. Install/restart Ranger KMS.
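
As an added example (not Ranger or Ambari code), the following Python check compares the step 1 and step 2 values pair by pair and reports missing keys, disagreements between the two sections, disabled SSL flags, and passwords left at the sample values shown above. The pairing of kms-properties keys with dbks-site keys, and the names `PAIRS`, `page_sample` and `audit`, are assumptions of this example.

```python
# Added example, not Ranger or Ambari code. Each pair is (kms-properties key,
# dbks-site key); that the two must agree is an assumption of this example.
PAIRS = [
    ("db_ssl_enabled", "ranger.ks.db.ssl.enabled"),
    ("db_ssl_required", "ranger.ks.db.ssl.required"),
    ("db_ssl_verifyServerCertificate", "ranger.ks.db.ssl.verifyServerCertificate"),
    ("javax_net_ssl_keyStore", "ranger.ks.keystore.file"),
    ("javax_net_ssl_keyStorePassword", "ranger.ks.keystore.password"),
    ("javax_net_ssl_trustStore", "ranger.ks.truststore.file"),
    ("javax_net_ssl_trustStorePassword", "ranger.ks.truststore.password"),
]
SAMPLE_PASSWORDS = {"ranger", "password"}  # the sample values printed in steps 1 and 2
# Constructed input: the step 1 and step 2 values, one list entry per PAIRS row.
PAGE_KMS = ["True", "True", "True", "/etc/ranger/admin/keystore", "ranger",
            "/etc/ranger/admin/truststore", "ranger"]
PAGE_DBKS = ["true", "true", "true", "/etc/ranger/admin/keystore", "ranger",
             "/etc/ranger/admin/truststore", "password"]


def page_sample():
    """Build the two property dicts exactly as the page lists them."""
    kms = {k: v for (k, _), v in zip(PAIRS, PAGE_KMS)}
    dbks = {d: v for (_, d), v in zip(PAIRS, PAGE_DBKS)}
    return kms, dbks


def audit(kms, dbks):
    """Return findings for two dicts of property name -> value."""
    findings = []
    for kms_key, dbks_key in PAIRS:
        a, b = kms.get(kms_key), dbks.get(dbks_key)
        findings += [f"missing: {k}" for k, v in ((kms_key, a), (dbks_key, b)) if v is None]
        if a is None or b is None:
            continue
        is_flag = kms_key.startswith("db_ssl_")
        if is_flag:  # the page writes True in one section and true in the other
            a, b = a.lower(), b.lower()
        if a != b:
            findings.append(f"mismatch: {kms_key} vs {dbks_key}")
        if is_flag and "false" in (a, b):
            findings.append(f"not enforced: {kms_key} / {dbks_key}")
        if kms_key.endswith("Password"):
            findings += [f"sample password: {k}" for k, v in
                         ((kms_key, a), (dbks_key, b)) if v in SAMPLE_PASSWORDS]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(*page_sample())))
```

Run on the values exactly as listed in steps 1 and 2, it reports that the two truststore passwords disagree (ranger in step 1, password in step 2) and that all four passwords are still sample values.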