Configure Ranger with SSL/TLS enabled PostgreSQL Database

Steps to configure Ranger service with SSL/TLS enabled PostgreSQL database.

Make sure that:

The database and database user for Ranger service are created in the required postgreSQL.
A database server certificate is issued by a trusted certificate authority.
The server host name matches the host name in the database server certificate.
note
From CDPDC-7.1.5 onwards, Ranger service requires postgres jdbc driver version >= 42.2.5. The Ranger code also constructs the JDBC connection string to have sslmode=verify-full, if Ranger Database SSL configurations are set in case of postgresql database type.
Copy the database server certificate to /var/lib/ranger/ path , or use any custom path.

While installing Ranger service from Cloudera Manager using the installation wizard, stop at Setup Database to set the connection properties. The following steps apply to both FIPS-enabled and non FIPS-enabled clusters.

In Setup Databases > Type, select PostgreSQL.
In Use JDBC URL Override, select Yes.

In JDBC URL, type the following connection URL format:

jdbc:postgresql://<DB-HOST>:<DB-PORT>/<RANGER-DB>?sslmode=verify-full&sslrootcert=
<path-to-database-server-certificate>

Click Test Connection.
Click Continue.
In Review Config, update the following configurations:

ranger.db.ssl.enabled

true

ranger.db.ssl.verifyServerCertificate

true

ranger.db.ssl.auth.type

1-way

ranger.db.ssl.certificateFile

<path-to-db-server-certificate>