Configuring Ranger to connect to TLS 1.2/TCPS-enabled databases
Updating the Ranger Database JDBC Url Override and additional configuration to connect to the secure databases.
Ensure that TLS 1.2 has already been enabled on the Ranger database.
-
Go to Cloudera Manager > Ranger > Configuration and specify the following configuration values depending on the
database type
MySQL
Label Configuration Name Value Ranger Database Type
ranger_database_type
mysql Ranger Database User ranger_database_user
<username> Ranger Database User Password ranger_database_password
<password> Ranger Database JDBC Url Override
ranger_database_jdbc_url
jdbc:mysql://<DB-HOST>:<DB-PORT>/<RANGER-DB-NAME>?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=<PATH_TO_TRUSTSTORE_FILE>&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=<TRUSTSTORE_PASSWORD>&enabledTLSProtocols=TLSv1.2
Oracle
Label Configuration Name Value Ranger Database Type
ranger_database_type
oracle Ranger Database User ranger_database_user
<username> Ranger Database User Password ranger_database_password
<password> Ranger Database JDBC Url Override
ranger_database_jdbc_url
jdbc:oracle:thin:@tcps://<DB-HOST>:<DB-PORT>:<SERVICE_NAME>?javax.net.ssl.trustStore=<PATH_TO_TRUSTSTORE_FILE>&javax.net.ssl.trustStorePassword=<TRUSTSTORE_PASSWORD>&oracle.net.ssl_server_dn_match=false
PostgreSQL
Label Configuration Name Value Ranger Database Type
ranger_database_type
postgresql Ranger Database User ranger_database_user
<username> Ranger Database User Password ranger_database_password
<password> Ranger Database JDBC Url Override
ranger_database_jdbc_url
jdbc:postgresql://<DB-HOST>:<DB-PORT>/<RANGER-DB>?sslmode=verify-full&sslrootcert=<path-to-database-server-certificate>&enabledTLSProtocols=TLSv1.2
- Click Save Changes.
