Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Enabling SSL for Ranger Admin UI :

Highlighted

Enabling SSL for Ranger Admin UI :

Labels:
aaryanreddy349
New Contributor

Created ‎01-18-2018 07:40 PM

Hello All,

I am trying to enable SSL for Ranger and am facing through some challenges . My requirement is to enable SSL for just admin UI .

I tried enabling SSL for just admin UI as in Step 1 but as it didnot help and hence tried Step2 to enable SSL for plugin as well . But that has not helped .

  • Enabled SSL for admin UI following the document as below. After enabling SSL , I am able to login but the updates to plugins unable to sync

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/configure_ambari_ranger...

  • Step 2 - Enabled SSL for HDFS plugin following the document in the above link , still the policy does not get updated .

Attached is the error log that I get from namenode also seen on xaportal log . Also I have shared information showing the cert-finger print present on respective keystore and trust-store.

Will appreciate any inputs here .

environment i am using : HDP 2.5.3 + Ambari 2.5.1

attachement1.txt

Reply
1,950 Views
0 Kudos
Tags (3)
7 REPLIES 7
Highlighted

Re: Enabling SSL for Ranger Admin UI :

pbhagade
Contributor

Created ‎01-19-2018 05:13 AM

Hello,
is cluster kerberised?
Do you want use Self signed or CA signed?

In Non-Kerberos, Ranger SSL with CA-signed will have two way SSL.
# while creating the client certs, make sure you provide extension as "usr_cert" and server cert as "server_cert", other wise 2 WAY SSL communication would fail

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

aaryanreddy349
New Contributor

Created ‎01-19-2018 04:25 PM

The cluster is not Kerberized . Eventually I want to use CA signed certs but wanted to go through self-signed steps first .

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

pbhagade
Contributor

Created ‎01-20-2018 06:53 AM

Please below article for Self Signed:

Ranger Admin SSL Self Signed
Ranger Admin CA Signed

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

anshuman
Expert Contributor

Created ‎01-31-2018 06:22 PM

@Aaryan Reddy were you able to solve your problem ?

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

aaryanreddy349
New Contributor

Created ‎02-07-2018 08:43 AM

@Anshuman Mehta I was able to solve the problem .There is a property under ranger admin that specifies the trustsore path and I was trying to create a truststore and then import the certs into it. But seems like default java truststore is honored, once I add the necessary certs to the default JAVA truststore on ranger admin host , services started honoring the certs and the issue got resolved

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

anshuman
Expert Contributor

Created ‎02-08-2018 01:25 AM

Thanks, was able to solve our problem as well. It was related to not importing the intermediate AND the root certificates into the server keystores. Took a bit of debugging the source to figure it out but it worked in the end.

Reply
1,208 Views
0 Kudos
Highlighted

Re: Enabling SSL for Ranger Admin UI :

Shelton
Mentor

Created ‎07-10-2018 01:07 AM

@Aaryan Reddy

Here is a nice document and accompanying video from HCC member Felix Albani How to configure Ranger Admin SSL

that will walk you through

HTH

Reply
1,208 Views
0 Kudos
Don't have an account?
Register