Overriding custom keystore alias on a Ranger KMS Server

Use this procedure to override the custom keystore alias on a Ranger KMS server.

The custom keystore alias may need to be overridden in the following scenario:

  • A user manually enabled TLS/SSL during a fresh installation of Ranger KMS, and the keystore alias was not added to the hostname.

Overriding custom keystore alias while configuring TLS/SSL on a single instance of Ranger KMS Server

  1. In Cloudera Manager, select Ranger KMS > Configuration, and search for ranger.service.https.attrib.keystore.keyalias. Set the Ranger KMS Server TLS/SSL Keystore File Alias configuration parameter to the custom alias value.
  2. Click Save Changes.
  3. Restart the Ranger KMS service.

Overriding custom keystore alias while configuring TLS/SSL on multiple instances of Ranger KMS Server

  1. In Cloudera Manager, select Ranger KMS > Instances, and then select Ranger KMS Server role > Configuration. Use the Add (+) icon for the Ranger KMS Server Advanced Configuration Snippet (Safety valve) for conf/ranger-kms-site.xml property to add the following property:
    ranger.service.https.attrib.keystore.keyalias = <expected alias>

    This overrides the configuration on the host on which the current Ranger KMS Server role is available.

  2. Repeat Step 1 for all the other Ranger KMS Servers to override the configuration by using the Ranger KMS Server Advanced Configuration Snippet (Safety valve) for conf/ranger-kms-site.xml property.
  3. Restart the Ranger KMS service.
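
An alias override only helps if the value matches a private key entry in that host's keystore. The following added example (not Cloudera's code) compares the alias set in a ranger-kms-site.xml snippet with the entries reported by `keytool -list`. The function names, the sample XML, the sample keytool output and the case-insensitive alias comparison are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

ALIAS_PROP = "ranger.service.https.attrib.keystore.keyalias"  # property named on this page

# Constructed sample: safety-valve content for one host, in Hadoop-style property XML.
SAMPLE_SITE_XML = """<configuration><property>
  <name>ranger.service.https.attrib.keystore.keyalias</name>
  <value>kms-host1.example.com</value>
</property></configuration>"""

# Constructed sample of `keytool -list -keystore <keystore file>` output.
SAMPLE_KEYTOOL_LIST = """Keystore type: PKCS12
Your keystore contains 2 entries

kms-host1.example.com, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <fingerprint>
rootca, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <fingerprint>
"""

def configured_alias(site_xml):
    """Return the alias set in the XML, or None if the property is absent or empty."""
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == ALIAS_PROP:
            return (prop.findtext("value") or "").strip() or None
    return None

def keystore_entries(keytool_list):
    """Map lower-cased alias -> entry type from `keytool -list` text."""
    entries = {}
    for line in keytool_list.splitlines():
        # Entry lines look like "<alias>, <date>, <type>Entry,"; other lines are skipped.
        m = re.match(r"^(.+?), .+, (\w+Entry),\s*$", line)
        if m:
            entries[m.group(1).casefold()] = m.group(2)
    return entries

def check_alias(site_xml, keytool_list):
    """Return (ok, message) for the alias override on one host."""
    alias = configured_alias(site_xml)
    if alias is None:
        return False, f"{ALIAS_PROP} is not set"
    kind = keystore_entries(keytool_list).get(alias.casefold())  # assumption: case-insensitive
    if kind is None:
        return False, f"alias '{alias}' is not in the keystore"
    if kind != "PrivateKeyEntry":
        return False, f"alias '{alias}' is a {kind}, not a private key entry"
    return True, f"alias '{alias}' is a PrivateKeyEntry"
```

With multiple Ranger KMS Server instances, run the check once per host against that host's own keystore listing, since each role instance carries its own override.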