You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by Lune Silver <lu...@gmail.com> on 2016/06/24 17:45:57 UTC
Custom truststore for ranger admin
Hello !
Currently when activating encryption between plugins and admin, admin uses
the default truststore of java.
Is it possible to specify a custom truststore for ranger admin ?
BR.
Lune
Re: Custom truststore for ranger admin
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
Hi Lune,
Recently we added two new properties for Ranger admin “ranger.truststore.file” and “ranger.truststore.password” to specify custom truststore. For more details you can refer to Apache JIRA RANGER-840.
Thanks,
Sailaja
<https://issues.apache.org/jira/browse/RANGER-840>
From: Don Bosco Durai <bo...@apache.org>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Friday, June 24, 2016 at 11:17 AM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Re: Custom truststore for ranger admin
Ok, got it. You are using 2 way SSL. In RangerAdmin, you can source your customized env scripts.
You can do the following:
1. In your RangerAdmin conf folder, create a file starting with ranger-admin-env-, e.g. ranger-admin-env-truststore.sh
2. Add this line: export JAVA_OPTS=" ${JAVA_OPTS} -Djavax.net.ssl.trustStore=/your_path/your_truststore.jks”
3. Chmod a+x your shell script
4. Restart RangerAdmin
Let me know if this addresses your requirement.
Thanks
Bosco
From: Lune Silver <lu...@gmail.com>>
Reply-To: <us...@ranger.incubator.apache.org>>
Date: Friday, June 24, 2016 at 10:51 AM
To: <us...@ranger.incubator.apache.org>>
Subject: Re: Custom truststore for ranger admin
Yeah when ssl is set to "want", you need to get the certificate of the plugin and to add it to the truststore of the admin.
Le 24 juin 2016 19:47, "Don Bosco Durai" <bo...@apache.org>> a écrit :
Just curious, since plugins are initiating the request, do you need anything on the admin side?
Thanks
Bosco
From: Lune Silver <lu...@gmail.com>>
Reply-To: <us...@ranger.incubator.apache.org>>
Date: Friday, June 24, 2016 at 10:45 AM
To: <us...@ranger.incubator.apache.org>>
Subject: Custom truststore for ranger admin
Hello !
Currently when activating encryption between plugins and admin, admin uses the default truststore of java.
Is it possible to specify a custom truststore for ranger admin ?
BR.
Lune
Re: Custom truststore for ranger admin
Posted by Don Bosco Durai <bo...@apache.org>.
Ok, got it. You are using 2 way SSL. In RangerAdmin, you can source your customized env scripts.
You can do the following:
In your RangerAdmin conf folder, create a file starting with ranger-admin-env-, e.g. ranger-admin-env-truststore.sh
Add this line: export JAVA_OPTS=" ${JAVA_OPTS} -Djavax.net.ssl.trustStore=/your_path/your_truststore.jks”
Chmod a+x your shell script
Restart RangerAdmin
Let me know if this addresses your requirement.
Thanks
Bosco
From: Lune Silver <lu...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Friday, June 24, 2016 at 10:51 AM
To: <us...@ranger.incubator.apache.org>
Subject: Re: Custom truststore for ranger admin
Yeah when ssl is set to "want", you need to get the certificate of the plugin and to add it to the truststore of the admin.
Le 24 juin 2016 19:47, "Don Bosco Durai" <bo...@apache.org> a écrit :
Just curious, since plugins are initiating the request, do you need anything on the admin side?
Thanks
Bosco
From: Lune Silver <lu...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Friday, June 24, 2016 at 10:45 AM
To: <us...@ranger.incubator.apache.org>
Subject: Custom truststore for ranger admin
Hello !
Currently when activating encryption between plugins and admin, admin uses the default truststore of java.
Is it possible to specify a custom truststore for ranger admin ?
BR.
Lune
Re: Custom truststore for ranger admin
Posted by Lune Silver <lu...@gmail.com>.
Yeah when ssl is set to "want", you need to get the certificate of the
plugin and to add it to the truststore of the admin.
Le 24 juin 2016 19:47, "Don Bosco Durai" <bo...@apache.org> a écrit :
> Just curious, since plugins are initiating the request, do you need
> anything on the admin side?
>
> Thanks
>
> Bosco
>
>
> From: Lune Silver <lu...@gmail.com>
> Reply-To: <us...@ranger.incubator.apache.org>
> Date: Friday, June 24, 2016 at 10:45 AM
> To: <us...@ranger.incubator.apache.org>
> Subject: Custom truststore for ranger admin
>
> Hello !
>
> Currently when activating encryption between plugins and admin, admin uses
> the default truststore of java.
>
> Is it possible to specify a custom truststore for ranger admin ?
>
> BR.
>
> Lune
>
>
Re: Custom truststore for ranger admin
Posted by Don Bosco Durai <bo...@apache.org>.
Just curious, since plugins are initiating the request, do you need anything on the admin side?
Thanks
Bosco
From: Lune Silver <lu...@gmail.com>
Reply-To: <us...@ranger.incubator.apache.org>
Date: Friday, June 24, 2016 at 10:45 AM
To: <us...@ranger.incubator.apache.org>
Subject: Custom truststore for ranger admin
Hello !
Currently when activating encryption between plugins and admin, admin uses the default truststore of java.
Is it possible to specify a custom truststore for ranger admin ?
BR.
Lune