Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enabling SSL for Ranger Admin UI :

Enabling SSL for Ranger Admin UI :

New Contributor

Hello All,

I am trying to enable SSL for Ranger and am facing through some challenges . My requirement is to enable SSL for just admin UI .

I tried enabling SSL for just admin UI as in Step 1 but as it didnot help and hence tried Step2 to enable SSL for plugin as well . But that has not helped .

  • Enabled SSL for admin UI following the document as below. After enabling SSL , I am able to login but the updates to plugins unable to sync

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/configure_ambari_ranger...

  • Step 2 - Enabled SSL for HDFS plugin following the document in the above link , still the policy does not get updated .

Attached is the error log that I get from namenode also seen on xaportal log . Also I have shared information showing the cert-finger print present on respective keystore and trust-store.

Will appreciate any inputs here .

environment i am using : HDP 2.5.3 + Ambari 2.5.1

attachement1.txt

7 REPLIES 7
Highlighted

Re: Enabling SSL for Ranger Admin UI :

Contributor

Hello,
is cluster kerberised?
Do you want use Self signed or CA signed?

In Non-Kerberos, Ranger SSL with CA-signed will have two way SSL.
# while creating the client certs, make sure you provide extension as "usr_cert" and server cert as "server_cert", other wise 2 WAY SSL communication would fail

Re: Enabling SSL for Ranger Admin UI :

New Contributor

The cluster is not Kerberized . Eventually I want to use CA signed certs but wanted to go through self-signed steps first .

Re: Enabling SSL for Ranger Admin UI :

Contributor

Please below article for Self Signed:

Ranger Admin SSL Self Signed
Ranger Admin CA Signed

Re: Enabling SSL for Ranger Admin UI :

Rising Star

@Aaryan Reddy were you able to solve your problem ?

Re: Enabling SSL for Ranger Admin UI :

New Contributor

@Anshuman Mehta I was able to solve the problem .There is a property under ranger admin that specifies the trustsore path and I was trying to create a truststore and then import the certs into it. But seems like default java truststore is honored, once I add the necessary certs to the default JAVA truststore on ranger admin host , services started honoring the certs and the issue got resolved

Re: Enabling SSL for Ranger Admin UI :

Rising Star

Thanks, was able to solve our problem as well. It was related to not importing the intermediate AND the root certificates into the server keystores. Took a bit of debugging the source to figure it out but it worked in the end.

Re: Enabling SSL for Ranger Admin UI :

Mentor

@Aaryan Reddy

Here is a nice document and accompanying video from HCC member Felix Albani How to configure Ranger Admin SSL

that will walk you through

HTH

Don't have an account?
Coming from Hortonworks? Activate your account here