Configure the Ranger HDFS Plugin for SSL
How to configure the Ranger HDFS Plugin for SSL, when setting up Ambari Ranger SSL using Public CA certificates. The following steps show how to configure the Ranger HDFS plugin for SSL. You can use the same procedure for other Ranger components.
Stop HDFS by selecting
https://<hostname of policy manager>:<https port>. , provide the value in the External URL box in the format
, select Advanced ranger-hdfs-policymgr-ssl and set the
xasecure.policymgr.clientssl.keystore-- Enter the public CA signed keystore for the machine that is running the HDFS agent.
xasecure.policymgr.clientssl.keystore.password-- Enter the keystore password.
Select Advanced ranger-hdfs-plugin-properties, then select the Enable
Ranger for HDFS check box.
- Click Save at the top.
- Start HDFS by selecting .
Restart Ranger Admin: Restart.
, from the drop-down menu, select Or:
service ranger-admin restart
- Log into the Ranger Policy Manager UI as the admin user. Click the Edit button of the HDFS repository and provide the CN name of the keystore as the value for Common Name For Certificate, then save your changes.
- Start the HDFS service by selecting .
- Select Audit > Agents. You should see an entry for your repo name with HTTP Response Code 200.