Configure Ranger with SSL/TLS enabled PostgreSQL Database

Steps to configure Ranger service with SSL/TLS enabled PostgreSQL database.

Make sure that:

  • The database and database user for Ranger service are created in the required postgreSQL.
  • A database server certificate is issued by a trusted certificate authority.
  • The server host name matches the host name in the database server certificate.
  • Copy the database server certificate to /var/lib/ranger/ path , or use any custom path.

While installing Ranger service from Cloudera Manager using the installation wizard, stop at Setup Database to set the connection properties. The following steps apply to both FIPS-enabled and non FIPS-enabled clusters.

  1. In Setup Databases > Type, select PostgreSQL.
  2. In Use JDBC URL Override, select Yes.
  3. In JDBC URL, type the following connection URL format:
    jdbc:postgresql://<DB-HOST>:<DB-PORT>/<RANGER-DB>?sslmode=verify-full&sslrootcert=
    <path-to-database-server-certificate>
  4. Click Test Connection.
  5. Click Continue.
  6. In Review Config, update the following configurations:
    ranger.db.ssl.enabled
    true
    ranger.db.ssl.verifyServerCertificate
    true
    ranger.db.ssl.auth.type
    1-way
    ranger.db.ssl.certificateFile
    <path-to-db-server-certificate>