Support Questions
Find answers, ask questions, and share your expertise

Ranger Admin Still Looking Into Default Java Truststore To Authenticate Atlas

Ranger Admin Still Looking Into Default Java Truststore To Authenticate Atlas

Explorer

Recently renewed certificates for an HDP cluster, which included the certificates for the ranger plugin (correctly having the same CN throughout the cluster)

 

The issue here is Atlas is set up with Two-way SSL, meaning that the Ranger admin node needs (and has currently) the root CA and intermediate CA certs in it's truststore as well as on the Atlas node (specified under property xasecure.policymgr.clientssl.truststore correctly)

 

Despite this, Ranger is still using the default java truststore to allow Atlas to authenticate. 

 

I don't want to keep re-importing into the default java truststore when it gets overwritten during something like an OS patching.

 

How can I make Ranger point to the separate truststore we've created?