Database setup details for Ranger KMS for TLS 1.2/TCPS-enabled databases
Updating the Ranger KMS Database JDBC Url Override and additional configuration to connect to the secure databases.
- Ensure that TLS 1.2 has already been enabled on the Ranger database.
- Ensure Use JDBC Override URL has been set toYes in the Setup Database page.
-
Select / Enter the following configuration values depending on the database type.
- MySQL
Label Configuration Value Ranger KMS Database Type ranger_kms_database_type MySQL Ranger KMS Database User ranger_kms_database_user <username> Ranger KMS Database User Password ranger_kms_database_password <password> Ranger KMS Database JDBC Url Override ranger_kms_database_jdbc_url jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***RANGER-KMS-DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=[***PATH_TO_TRUSTSTORE_FILE***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE_PASSWORD***]&enabledTLSProtocols=TLSv1.2 - Oracle
Label Configuration Value Ranger KMS Database Type ranger_kms_database_type Oracle Ranger KMS Database User ranger_kms_database_user <username> Ranger KMS Database User Password ranger_kms_database_password <password> Ranger KMS Database JDBC Url Override ranger_kms_database_jdbc_url jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]:[***SERVICE_NAME***]?javax.net.ssl.trustStore=[***PATH_TO_TRUSTSTORE_FILE***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE_PASSWORD***]&oracle.net.ssl_server_dn_match=false - PostgreSQL
Label Configuration Value Ranger KMS Database Type ranger_kms_database_type PostgreSQL Ranger KMS Database User ranger_kms_database_user <username> Ranger KMS Database User Password ranger_kms_database_password <password> Ranger KMS Database JDBC Url Override ranger_kms_database_jdbc_url jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***RANGER-KMS-DB***]?sslmode=verify-full&sslrootcert=[***path-to-database-server-certificate***]&enabledTLSProtocols=TLSv1.2
- MySQL
- Click Test Connection.
- Once the test connection succeeds, click Continue.