Here is how I got it to work. In order for tools such as Hive, Beeline to use LDAPs, you need to make a global change in HADOOP_OPTS for CA Certs, so that it is loaded with Hadoop in general, assuming you imported the cert (self-signed) into a cacert located in /etc/pki/java/cacerts In HDFS-> Configs -> Hadoop Env Template add the following: export HADOOP_OPTS="-Djava_net_preferIPv4Stack=true =Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit ${HADOOP_OPTS}" Note: Components like Knox and Ranger does not use the hadoop_env and needs its own config to be set for LDAP SSL and a manually restart. Why a manual restart? Because it seems when you start with Ambari, there is no way to manual set user options so that Ambari can pick up these settings and use in java process of Ranger and Knox when it starts. Only when Ranger and Knox is started manually, when restarting is the certs picked up. Note also Hive View does not work with LDAP or LDAP ssl. ... View more

Yes. Multiple Ranger KMS can be deployed for High Availability. ... View more

Change hadoop-env template under HDFS -> Configs -> Advanced -> Advanced hadoop-env. Add the following: #Add libraries required by postgres for jarFile in `ls /usr/share/java/*postgres* 2>/dev/null` do JAVA_JDBC_LIBS=${JAVA_JDBC_LIBS}:$jarFile done Save changes If you are receiving the missing jersey-client.jar file, most likely Yarn Resource Manager is not on the same node as the NameNode Use Ambari to move the Resource Manager to the Name Node ... View more