Configuring Ranger to connect to TLS 1.2/TCPS-enabled databases

Updating the Ranger Database JDBC Url Override and additional configuration to connect to the secure databases.

Ensure that TLS 1.2 has already been enabled on the Ranger database.

  1. Go to Cloudera Manager > Ranger > Configuration and specify the following configuration values depending on the database type

    MySQL

    Label Configuration Name Value

    Ranger Database Type

    ranger_database_type

    mysql
    Ranger Database User

    ranger_database_user

    <username>
    Ranger Database User Password

    ranger_database_password

    <password>

    Ranger Database JDBC Url Override

    ranger_database_jdbc_url

    jdbc:mysql://<DB-HOST>:<DB-PORT>/<RANGER-DB-NAME>?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=<PATH_TO_TRUSTSTORE_FILE>&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=<TRUSTSTORE_PASSWORD>&enabledTLSProtocols=TLSv1.2

    Oracle

    Label Configuration Name Value

    Ranger Database Type

    ranger_database_type

    oracle
    Ranger Database User

    ranger_database_user

    <username>
    Ranger Database User Password

    ranger_database_password

    <password>

    Ranger Database JDBC Url Override

    ranger_database_jdbc_url

    jdbc:oracle:thin:@tcps://<DB-HOST>:<DB-PORT>:<SERVICE_NAME>?javax.net.ssl.trustStore=<PATH_TO_TRUSTSTORE_FILE>&javax.net.ssl.trustStorePassword=<TRUSTSTORE_PASSWORD>&oracle.net.ssl_server_dn_match=false

    PostgreSQL

    Label Configuration Name Value

    Ranger Database Type

    ranger_database_type

    postgresql
    Ranger Database User

    ranger_database_user

    <username>
    Ranger Database User Password

    ranger_database_password

    <password>

    Ranger Database JDBC Url Override

    ranger_database_jdbc_url

    jdbc:postgresql://<DB-HOST>:<DB-PORT>/<RANGER-DB>?sslmode=verify-full&sslrootcert=<path-to-database-server-certificate>&enabledTLSProtocols=TLSv1.2

  2. Click Save Changes.