Configure SSL for Privacera services#
If required, you can enable/disable SSL for the following Privacera services. Just add the SSL property of the service you want to configure to the
vars.ssl.yml file, and set it to true/false.
To enable Solr SSL, use the following property:
If you are transitioning an existing, working non-SSL Privacera environment where all the Privacera services are running to SSL or vice-versa, then the entire update process would take around 15-30 minutes more to complete due to the additional Solr transition process included.
To enable AuditServer SSL, use the following property:
To enable Portal SSL, use the following property:
To enable Ranger SSL, use the following property:
Enabling DataServer Proxy SSL#
To enable DataServer Proxy SSL, click the tabs to show the properties:
For self-signed certificates, use the following property:
For signed certificates, do the following:
Copy the following three keys to the location ~/privacera/privacera-manager/config/ssl:
- Signed PEM Full Chain
- Signed PEM Private Key
Add the following properties.
DATASERVER_SSL_SELF_SIGNED: "false" DATASERVER_HOST_NAME: "<PLEASE_CHANGE>" DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN: "<PLEASE_CHANGE>" DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY: "<PLEASE_CHANGE>" DATASERVER_SSL_SIGNED_CERT_FORMAT: "<PLEASE_CHANGE>"
(Optional) Along with the properties above, if your CA certificate is generated with a private key, then copy the Signed Root CA Public Key to the location ~/privacera/privacera-manager/config/ssl and add the following:
Disabling DataServer Proxy SSL#
To disable DataServer Proxy SSL, then do the following:
Set the value of the following property to
When switching between Dataserver SSL to non-SSL or self-signed to signed, or vice-versa, then remove previously generated DataServer SSL configuration before you run Privacera Manager update.
Use the following command:
rm -rf ~/privacera/privacera-manager/config/ssl/dataserver*