Enable Self Signed Certificates with Privacera Platform

This topic describes how to use self-signed certificates with Privacera services, including Privacera Portal, Apache Ranger, Apache Ranger KMS, and Privacera Encryption Gateway. The configuration secures connections between internal Privacera components (Dataserver, Ranger KMS, Discovery, PolicySync, and UserSync) and SSL-enabled servers.

Configuration

  1. SSH to the Privacera Host as ${USER}.

  2. Create and open 'config/custom-vars/vars.ssl.yml' to edit.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.ssl.yml config/custom-vars/
    vi config/custom-vars/vars.ssl.yml
    
  3. Set the passwords for the following properties. Use strong passwords that combine alphabetic, symbol, and numeric characters.

    SSL_DEFAULT_PASSWORD: "<PLEASE_CHANGE>"
    RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD: "<PLEASE_CHANGE>"
    RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD: "<PLEASE_CHANGE>"
    

    Note

    You can enable/disable SSL for specific Privacera services. For more information, refer to Configure SSL for Privacera Services.

  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    
  5. For Kubernetes based deployments, restart services:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh restart
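
A pre-flight check that can be run between steps 3 and 4, as an added example that is not part of Privacera Manager or the original page: it confirms that none of the three passwords is still `<PLEASE_CHANGE>`, that each mixes letters, digits and symbols, and that the file is not readable by other users. The function names, the 12-character minimum and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of Privacera Manager. Assumes single-line KEY: "value" entries.
REQUIRED_KEYS="SSL_DEFAULT_PASSWORD RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD"
MIN_LEN=12   # assumed minimum length; set to your own policy

# Print the value of key $2 in file $1, with surrounding quotes removed.
ssl_var_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 only when the file is private and every password is set, changed from
# the placeholder, long enough and mixes letters, digits and symbols.
# Values are never printed, only the key names.
check_ssl_vars() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # The file holds plaintext passwords: flag group- or world-readable modes.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$file: readable by group or others (chmod 600 suggested)" >&2
        rc=1
    fi
    for key in $REQUIRED_KEYS; do
        val=$(ssl_var_value "$file" "$key")
        if [ -z "$val" ]; then
            echo "$key: missing or empty" >&2; rc=1
        elif [ "$val" = "<PLEASE_CHANGE>" ]; then
            echo "$key: still the sample placeholder" >&2; rc=1
        elif [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "$key: shorter than $MIN_LEN characters" >&2; rc=1
        else
            case $val in *[A-Za-z]*) ;; *) echo "$key: no letter" >&2; rc=1 ;; esac
            case $val in *[0-9]*) ;; *) echo "$key: no digit" >&2; rc=1 ;; esac
            case $val in *[!A-Za-z0-9]*) ;; *) echo "$key: no symbol" >&2; rc=1 ;; esac
        fi
    done
    return "$rc"
}

# Usage: check_ssl_vars config/custom-vars/vars.ssl.yml && ./privacera-manager.sh update
```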
    

Last update: August 24, 2021