Configure SSL for Privacera services#
If required, you can enable or disable SSL for the following Privacera services. Add the SSL property of the service you want to configure to the vars.ssl.yml file and set it to true or false.
- Solr
- AuditServer
- Portal
- Ranger
- DataServer
Solr Service#
To enable Solr SSL, use the following property:
SOLR_SSL_ENABLE: "true"
Note
If you are transitioning an existing, working Privacera environment in which all the Privacera services are running from non-SSL to SSL, or vice versa, the entire update process takes around 15-30 minutes longer to complete because of the additional Solr transition process.
AuditServer Service#
To enable AuditServer SSL, use the following property:
AUDITSERVER_SSL_ENABLE: "true"
Portal Service#
To enable Portal SSL, use the following property:
PORTAL_SSL_ENABLE: "true"
Grafana Service#
To enable Grafana SSL, use the following property:
GRAFANA_SSL_ENABLE: "true"
Ranger Service#
To enable Ranger SSL, use the following property:
RANGER_SSL_ENABLE: "true"
DataServer Service#
Enabling DataServer Proxy SSL#
To enable DataServer Proxy SSL, use the properties that match your certificate type.
For self-signed certificates, use the following property:
DATASERVER_PROXY_SSL: "true"
For signed certificates, do the following:
- Copy the following three keys to the location ~/privacera/privacera-manager/config/ssl:
  - Signed PEM Full Chain
  - Signed PEM Private Key
- Add the following properties:
DATASERVER_SSL_SELF_SIGNED: "false"
DATASERVER_HOST_NAME: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_CERT_FORMAT: "<PLEASE_CHANGE>"
(Optional) Along with the properties above, if your CA certificate is generated with a private key, then copy the Signed Root CA Public Key to the location ~/privacera/privacera-manager/config/ssl and add the following:
DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY: "<PLEASE_CHANGE>"
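A pre-flight check for the signed-certificate settings above, as an added example that is not part of the Privacera documentation or tooling. The function names get_prop and check_dataserver_ssl are hypothetical, the script assumes each PEM and root CA property holds the name of a file inside the ssl directory, and the private-key permission test is an extra hardening check that the page does not require.

```shell
#!/bin/sh
# Added example (not Privacera code): pre-flight check of the signed-certificate
# DataServer settings in vars.ssl.yml before running the Privacera Manager update.
# Assumption: each *_PEM_* / *_ROOT_CA_* value is a file name inside the ssl dir.

# get_prop FILE KEY: print the double-quoted value of KEY (last match wins).
get_prop() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_dataserver_ssl VARS_FILE SSL_DIR: 0 if settings are complete, 1 if not.
# Runs in a subshell, so its variables do not leak into the caller.
check_dataserver_ssl() (
    vars=$1; ssl_dir=$2; rc=0
    [ -r "$vars" ] || { echo "cannot read $vars" >&2; exit 1; }
    # Only the signed-certificate path needs the extra properties.
    [ "$(get_prop "$vars" DATASERVER_SSL_SELF_SIGNED)" = "false" ] || exit 0

    for key in DATASERVER_HOST_NAME DATASERVER_SSL_SIGNED_CERT_FORMAT \
        DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY \
        DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY
    do
        val=$(get_prop "$vars" "$key")
        case $key:$val in
            *ROOT_CA_PUBLIC_KEY:) continue ;;          # optional property, absent
            *:|*'<PLEASE_CHANGE>'*)
                echo "$key is unset or still a placeholder" >&2; rc=1; continue ;;
        esac
        case $key in
            *_PEM_*|*_ROOT_CA_*) ;;                    # file-valued properties
            *) continue ;;
        esac
        if [ ! -f "$ssl_dir/$val" ]; then
            echo "$key: $ssl_dir/$val not found" >&2; rc=1; continue
        fi
        # Extra hardening check, not from the page: the private key must not
        # be readable by group or others.
        if [ "$key" = DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY ] &&
           [ -n "$(find "$ssl_dir/$val" \( -perm -040 -o -perm -004 \) -print)" ]
        then
            echo "$key: $ssl_dir/$val is group/world readable" >&2; rc=1
        fi
    done
    exit "$rc"
)
```

Source the script and call check_dataserver_ssl with the path to your vars.ssl.yml and ~/privacera/privacera-manager/config/ssl; a non-zero return means at least one property or file needs attention.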
Disabling DataServer Proxy SSL#
To disable DataServer Proxy SSL, do the following:
- Set the value of the following property to false:
DATASERVER_PROXY_SSL: "false"
- When switching DataServer from SSL to non-SSL or from self-signed to signed certificates, or vice versa, remove the previously generated DataServer SSL configuration before you run the Privacera Manager update.
Use the following command:
rm -rf ~/privacera/privacera-manager/config/ssl/dataserver*