Database setup details for Ranger KMS for TLS 1.2/TCPS-enabled databases

Update the Ranger KMS Database JDBC Url Override and the additional configuration needed to connect to secure databases.

  • Ensure that TLS 1.2 has already been enabled on the Ranger database.
  • Ensure Use JDBC Override URL has been set to Yes in the Setup Database page.
  1. Select / Enter the following configuration values depending on the database type.
    • MySQL
      | Label | Configuration | Value |
      |---|---|---|
      | Ranger KMS Database Type | ranger_kms_database_type | MySQL |
      | Ranger KMS Database User | ranger_kms_database_user | <username> |
      | Ranger KMS Database User Password | ranger_kms_database_password | <password> |
      | Ranger KMS Database JDBC Url Override | ranger_kms_database_jdbc_url | jdbc:mysql://[***DB-HOST***]:[***DB-PORT***]/[***RANGER-KMS-DB-NAME***]?sslMode=VERIFY_CA&trustCertificateKeyStoreUrl=[***PATH_TO_TRUSTSTORE_FILE***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE_PASSWORD***]&enabledTLSProtocols=TLSv1.2 |
    • Oracle
      | Label | Configuration | Value |
      |---|---|---|
      | Ranger KMS Database Type | ranger_kms_database_type | Oracle |
      | Ranger KMS Database User | ranger_kms_database_user | <username> |
      | Ranger KMS Database User Password | ranger_kms_database_password | <password> |
      | Ranger KMS Database JDBC Url Override | ranger_kms_database_jdbc_url | jdbc:oracle:thin:@tcps://[***DB-HOST***]:[***DB-PORT***]:[***SERVICE_NAME***]?javax.net.ssl.trustStore=[***PATH_TO_TRUSTSTORE_FILE***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE_PASSWORD***]&oracle.net.ssl_server_dn_match=false |
    • PostgreSQL
      | Label | Configuration | Value |
      |---|---|---|
      | Ranger KMS Database Type | ranger_kms_database_type | PostgreSQL |
      | Ranger KMS Database User | ranger_kms_database_user | <username> |
      | Ranger KMS Database User Password | ranger_kms_database_password | <password> |
      | Ranger KMS Database JDBC Url Override | ranger_kms_database_jdbc_url | jdbc:postgresql://[***DB-HOST***]:[***DB-PORT***]/[***RANGER-KMS-DB***]?sslmode=verify-full&sslrootcert=[***path-to-database-server-certificate***]&enabledTLSProtocols=TLSv1.2 |

  2. Click Test Connection.
  3. Once the test connection succeeds, click Continue.
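
A pre-flight check for the override URLs from step 1, to run before clicking Test Connection. This is an added example, not Cloudera's or Ranger's code: the helper `audit_jdbc_url`, the sample host, database name and paths are constructed, and accepting the stricter modes `VERIFY_IDENTITY` and `verify-ca` alongside the page's values is an assumption.

```python
import re
from urllib.parse import parse_qs

# Matches template markers such as [***DB-HOST***] left in a pasted URL.
PLACEHOLDER = re.compile(r"\[\*\*\*.*?\*\*\*\]")

def audit_jdbc_url(url):
    """Return findings for a Ranger KMS JDBC override URL (hypothetical helper)."""
    findings = []
    if PLACEHOLDER.search(url):
        findings.append("unreplaced [***...***] placeholder")
    base, _, query = url.partition("?")
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

    def require(key, allowed=None):
        value = params.get(key)
        if value is None:
            findings.append(f"missing {key}")
        elif allowed and value not in allowed:
            findings.append(f"{key}={value} not in {sorted(allowed)}")
        return value

    if base.startswith("jdbc:mysql://"):
        mode = require("sslMode", {"VERIFY_CA", "VERIFY_IDENTITY"})
        require("trustCertificateKeyStoreUrl")
        require("enabledTLSProtocols", {"TLSv1.2"})
        if mode == "VERIFY_CA":
            findings.append("note: VERIFY_CA checks the CA chain but not the server host name")
    elif base.startswith("jdbc:oracle:thin:@"):
        if not base.startswith("jdbc:oracle:thin:@tcps://"):
            findings.append("not a tcps:// address")
        require("javax.net.ssl.trustStore")
        if params.get("oracle.net.ssl_server_dn_match", "").lower() == "false":
            findings.append("note: server DN matching is disabled")
    elif base.startswith("jdbc:postgresql://"):
        require("sslmode", {"verify-ca", "verify-full"})
        require("sslrootcert")
    else:
        findings.append("unrecognized JDBC scheme")
    return findings

if __name__ == "__main__":
    # Constructed sample: host, port and database name are made up.
    sample = "jdbc:postgresql://db.example.internal:5432/rangerkms?sslmode=require"
    for finding in audit_jdbc_url(sample):
        print(finding)
```

Findings prefixed with `note:` describe what the page's own values do and do not verify; the other findings indicate a URL that departs from the templates in step 1.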