I am trying to enable SSL for Ranger and am facing some challenges. My requirement is to enable SSL for just the admin UI.
I tried enabling SSL for just the admin UI as in Step 1, but it did not help, and hence I tried Step 2 to enable SSL for the plugin as well. But that has not helped.
Attached is the error log that I get from the namenode, also seen in the xaportal log. I have also shared information showing the cert fingerprint present in the respective keystore and truststore.
I will appreciate any inputs here.
Environment I am using: HDP 2.5.3 + Ambari 2.5.1
Is the cluster Kerberized?
Do you want to use self-signed or CA-signed?
In non-Kerberos, Ranger SSL with CA-signed will have two-way SSL.
# While creating the client certs, make sure you provide the extension as "usr_cert" and the server cert as "server_cert", otherwise 2-way SSL communication would fail.
The cluster is not Kerberized. Eventually I want to use CA-signed certs but wanted to go through the self-signed steps first.
@Anshuman Mehta I was able to solve the problem. There is a property under Ranger admin that specifies the truststore path, and I was trying to create a truststore and then import the certs into it. But it seems the default Java truststore is honored; once I added the necessary certs to the default Java truststore on the Ranger admin host, services started honoring the certs and the issue got resolved.
Thanks, was able to solve our problem as well. It was related to not importing the intermediate AND the root certificates into the server keystores. Took a bit of debugging the source to figure it out but it worked in the end.
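Added example (not part of the original thread): a check for the situation in the resolution above, where a certificate sits in a custom truststore while the default Java truststore is the one being consulted. It compares fingerprints parsed from non-verbose `keytool -list` output; the aliases, fingerprints and listings are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Aliases, fingerprints and listings below are constructed
# samples shaped like non-verbose `keytool -list` output.
FP_PLUGIN="0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D"
FP_OTHER="FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC"

PLUGIN_KEYSTORE="Your keystore contains 1 entry

rangerhdfsplugin, Jan 1, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): $FP_PLUGIN"

# Truststore named in the Ranger admin property (certificate was imported here).
CUSTOM_TRUSTSTORE="Your keystore contains 1 entry

rangerhdfsplugin, Jan 1, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): $FP_PLUGIN"

# Default Java truststore that was actually consulted (certificate missing).
DEFAULT_TRUSTSTORE="Your keystore contains 1 entry

exampleca, Jan 1, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): $FP_OTHER"

# Print "alias fingerprint" for every entry in a keytool listing.
fingerprints() {
  printf '%s\n' "$1" | awk '
    /^Certificate fingerprint/ { sub(/^[^:]*: */, ""); print alias, $0; next }
    /(PrivateKeyEntry|trustedCertEntry),/ { split($0, f, ","); alias = f[1] }
  '
}

# Print keystore aliases whose fingerprint is absent from the truststore listing.
untrusted_entries() {
  trusted=$(fingerprints "$2" | awk '{ print $2 }')
  fingerprints "$1" | while read -r alias fp; do
    printf '%s\n' "$trusted" | grep -qxF "$fp" || echo "$alias"
  done
}

echo "missing from custom truststore:  [$(untrusted_entries "$PLUGIN_KEYSTORE" "$CUSTOM_TRUSTSTORE")]"
echo "missing from default truststore: [$(untrusted_entries "$PLUGIN_KEYSTORE" "$DEFAULT_TRUSTSTORE")]"
```

On a real host, produce each listing with `keytool -list -keystore <path>` and pass the captured output as the argument.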