Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Configure the Ranger KMS Server for SSL

How to configure the Ranger KMS Server for SSL, when setting up Ambari Ranger SSL using Public CA certificates.

  1. Stop Ranger KMS by selecting Service Actions > Stop.
  2. Select Custom ranger-kms-site, then add the following properties as shown below:
    • ranger.https.attrib.keystore.file
    • ranger.service.https.attrib.keystore.file (duplicate of above – workaround for now)
    • ranger.service.https.attrib.clientAuth
    • ranger.service.https.attrib.client.auth (duplicate of above – workaround for now)
    • ranger.service.https.attrib.keystore.keyalias
    • ranger.service.https.attrib.keystore.pass
    • ranger.service.https.attrib.ssl.enabled
    • ranger.service.https.port
  3. Under Advanced kms_env, update the value of kms_port to match the value of ranger.service.https.port.
  4. Save your changes and restart Ranger KMS.
    When you attempt to access the Ranger KMS UI with the HTTPS protocol on the port specified by the ranger.service.https.port property, the browser should report that it does not trust the site. Click Proceed anyway and you should be able to access the Ranger Admin UI over HTTPS.