Configure TLS/SSL encryption manually for Ranger RMS

How to manually configure TLS/SSL encryption for Ranger RMS

  1. In Cloudera Manager, select Ranger KMS, then click the Configuration tab.
  2. Under Category, select Security.
  3. Set the following properties:
    Table 1. Ranger RMS TLS/SSL Settings

    | Configuration | Property | Description |
    |---|---|---|
    | Enable TLS/SSL for Ranger RMS Server | ranger-rms.service.https.attrib.ssl.enabled | Encrypt communication between clients and Ranger RMS Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). |
    | Ranger RMS Server TLS/SSL Server JKS Keystore File Location | ranger-rms.service.https.attrib.keystore.file | The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Ranger RMS Server is acting as a TLS/SSL server. The keystore must be in JKS format. |
    | Ranger RMS Server TLS/SSL Server JKS Keystore File Password | ranger-rms.service.https.attrib.keystore.pass | The password for the Ranger RMS Server JKS keystore file. |
    | Ranger RMS Server TLS/SSL Trust Store File | ranger-rms.truststore.file | The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Ranger RMS Server might connect to. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. |
    | Ranger RMS Server TLS/SSL Trust Store Password | ranger-rms.truststore.password | The password for the Ranger RMS Server TLS/SSL Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. |

  4. In Filters > Search, type ranger-rms.service.https.attrib.keystore.keyalias to set the Ranger RMS Server TLS/SSL Keystore File Alias property.
    Table 2. Ranger RMS Server TLS/SSL Keystore File Alias Settings

    | Configuration | Property | Description |
    |---|---|---|
    | Ranger RMS Server TLS/SSL Keystore File Alias | ranger-rms.service.https.attrib.keystore.keyalias | The alias for the Ranger RMS Server TLS/SSL keystore file. If host FQDN is used as an alias while creating a keystore file, the {{HOST}} default placeholder value will be replaced with the host FQDN where Ranger RMS Server will be installed in the current cluster. The placeholder can be replaced to have a custom alias used while creating the keystore file. If using a custom alias which is the same as host short name then use {{HOST_UQDN}} placeholder as a value. |
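
A pre-flight check for the keystore alias setting, as an added example that is not part of the Cloudera documentation: it expands the {{HOST}} and {{HOST_UQDN}} placeholders for a host and confirms that a `keytool -list` listing holds a PrivateKeyEntry under the resulting alias. The function names, the host name and the sample listing are constructed for illustration, and the expansion of {{HOST_UQDN}} to the short host name is assumed from the property description.

```shell
#!/bin/sh
# Added example, not Cloudera code. Function names and sample data are constructed.

# Expand the alias placeholders for one host.
# $1 = value of ranger-rms.service.https.attrib.keystore.keyalias, $2 = host FQDN
# Assumption: {{HOST_UQDN}} expands to the short (unqualified) host name.
resolve_alias() {
  short_name=${2%%.*}
  printf '%s\n' "$1" |
    sed -e "s/{{HOST_UQDN}}/$short_name/g" -e "s/{{HOST}}/$2/g" |
    tr '[:upper:]' '[:lower:]'   # keytool treats aliases case-insensitively
}

# Succeed only if the listing on stdin has a private-key entry for alias $1.
# A trustedCertEntry under the same alias is not enough: it has no private key.
has_private_key() {
  awk -v want="$1" -F', ' '
    tolower($1) == want && $0 ~ /, PrivateKeyEntry,/ { found = 1 }
    END { exit !found }'
}

# $1 = keyalias property value, $2 = host FQDN, stdin = keytool -list output
check_rms_alias() {
  want_alias=$(resolve_alias "$1" "$2")
  if has_private_key "$want_alias"; then
    echo "OK: private key found under alias '$want_alias'"
  else
    echo "FAIL: no PrivateKeyEntry under alias '$want_alias'"
    return 1
  fi
}

# Constructed sample of `keytool -list` output (fingerprints omitted).
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rms01.example.com, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (constructed, omitted)
rootca, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): (constructed, omitted)'

printf '%s\n' "$SAMPLE_LISTING" | check_rms_alias '{{HOST}}' RMS01.example.com

# On a real host, pipe the live listing in instead:
#   keytool -list -keystore "$KEYSTORE" | check_rms_alias '{{HOST}}' "$(hostname -f)"
```
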