Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enabling SSL for Ranger Admin UI :

Enabling SSL for Ranger Admin UI :

New Contributor

Hello All,

I am trying to enable SSL for Ranger and am facing through some challenges . My requirement is to enable SSL for just admin UI .

I tried enabling SSL for just admin UI as in Step 1 but as it didnot help and hence tried Step2 to enable SSL for plugin as well . But that has not helped .

  • Enabled SSL for admin UI following the document as below. After enabling SSL , I am able to login but the updates to plugins unable to sync

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/configure_ambari_ranger...

  • Step 2 - Enabled SSL for HDFS plugin following the document in the above link , still the policy does not get updated .

Attached is the error log that I get from namenode also seen on xaportal log . Also I have shared information showing the cert-finger print present on respective keystore and trust-store.

Will appreciate any inputs here .

environment i am using : HDP 2.5.3 + Ambari 2.5.1

attachement1.txt

7 REPLIES 7

Re: Enabling SSL for Ranger Admin UI :

Contributor

Hello,
is cluster kerberised?
Do you want use Self signed or CA signed?

In Non-Kerberos, Ranger SSL with CA-signed will have two way SSL.
# while creating the client certs, make sure you provide extension as "usr_cert" and server cert as "server_cert", other wise 2 WAY SSL communication would fail

Re: Enabling SSL for Ranger Admin UI :

New Contributor

The cluster is not Kerberized . Eventually I want to use CA signed certs but wanted to go through self-signed steps first .

Re: Enabling SSL for Ranger Admin UI :

Contributor

Please below article for Self Signed:

Ranger Admin SSL Self Signed
Ranger Admin CA Signed

Re: Enabling SSL for Ranger Admin UI :

Rising Star

@Aaryan Reddy were you able to solve your problem ?

Re: Enabling SSL for Ranger Admin UI :

New Contributor

@Anshuman Mehta I was able to solve the problem .There is a property under ranger admin that specifies the trustsore path and I was trying to create a truststore and then import the certs into it. But seems like default java truststore is honored, once I add the necessary certs to the default JAVA truststore on ranger admin host , services started honoring the certs and the issue got resolved

Highlighted

Re: Enabling SSL for Ranger Admin UI :

Rising Star

Thanks, was able to solve our problem as well. It was related to not importing the intermediate AND the root certificates into the server keystores. Took a bit of debugging the source to figure it out but it worked in the end.

Re: Enabling SSL for Ranger Admin UI :

Mentor

@Aaryan Reddy

Here is a nice document and accompanying video from HCC member Felix Albani How to configure Ranger Admin SSL

that will walk you through

HTH