Configure SSL for Privacera services

You can enable or disable SSL for the following Privacera services. Add the SSL property of the service you want to configure to the vars.ssl.yml file, and set it to true or false.

  • Solr
  • AuditServer
  • Portal
  • Ranger
  • DataServer

Solr Service

To enable Solr SSL, use the following property:

SOLR_SSL_ENABLE: "true"

Note

If you are transitioning an existing, working non-SSL Privacera environment, where all the Privacera services are running, to SSL or vice versa, the entire update process takes around 15-30 minutes longer to complete because of the additional Solr transition process.

AuditServer Service

To enable AuditServer SSL, use the following property:

AUDITSERVER_SSL_ENABLE: "true"

Portal Service

To enable Portal SSL, use the following property:

PORTAL_SSL_ENABLE: "true"

Ranger Service

To enable Ranger SSL, use the following property:

RANGER_SSL_ENABLE: "true"

DataServer Service

Enabling DataServer Proxy SSL

To enable DataServer Proxy SSL, use the properties that match your certificate type.

For self-signed certificates, use the following property:

DATASERVER_PROXY_SSL: "true"

For signed certificates, do the following:

  1. Copy the following three keys to the location ~/privacera/privacera-manager/config/ssl:

    • Signed PEM Full Chain
    • Signed PEM Private Key
  2. Add the following properties.

    DATASERVER_SSL_SELF_SIGNED: "false"
    DATASERVER_HOST_NAME: "<PLEASE_CHANGE>"
    DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN: "<PLEASE_CHANGE>"
    DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY: "<PLEASE_CHANGE>"
    DATASERVER_SSL_SIGNED_CERT_FORMAT: "<PLEASE_CHANGE>"
    

    (Optional) Along with the properties above, if your CA certificate is generated with a private key, then copy the Signed Root CA Public Key to the location ~/privacera/privacera-manager/config/ssl and add the following:

    DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY: "<PLEASE_CHANGE>"
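
The following pre-flight check for the signed-certificate settings is an added example, not part of the Privacera documentation or of Privacera Manager. It assumes that each DATASERVER_SSL_SIGNED_* value is a file name inside the ssl directory and that vars.ssl.yml uses the flat KEY: "value" layout shown above; get_prop and check_dataserver_ssl are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pre-flight check of the signed-certificate DataServer settings.
# Assumption: each DATASERVER_SSL_SIGNED_* value is a file name inside the ssl directory.

# get_prop FILE KEY: print the value of the last `KEY: "value"` line, quotes stripped.
get_prop() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# check_dataserver_ssl VARS_FILE SSL_DIR: return 0 if the settings are consistent, 1 otherwise.
check_dataserver_ssl() {
    vars=$1 ssl_dir=$2 rc=0
    # The checks below apply only to the signed-certificate variant.
    [ "$(get_prop "$vars" DATASERVER_SSL_SELF_SIGNED)" = "false" ] || return 0

    for key in DATASERVER_HOST_NAME DATASERVER_SSL_SIGNED_CERT_FORMAT \
               DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY \
               DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY; do
        val=$(get_prop "$vars" "$key")
        case $val in
            "")
                # Only the root CA property is optional.
                [ "$key" = DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY ] && continue
                echo "FAIL: $key is not set"; rc=1; continue ;;
            "<PLEASE_CHANGE>")
                echo "FAIL: $key still holds the placeholder"; rc=1; continue ;;
        esac
        # The remaining checks are for properties that name a file.
        case $key in DATASERVER_HOST_NAME|DATASERVER_SSL_SIGNED_CERT_FORMAT) continue ;; esac
        file=$ssl_dir/$val
        if [ ! -s "$file" ]; then
            echo "FAIL: $key points to missing or empty file $file"; rc=1; continue
        fi
        if [ "$key" = DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY ]; then
            # A private key must not be accessible to group or others.
            case $(ls -ldL "$file") in
                -???------*) ;;
                *) echo "FAIL: $file is accessible to group/others (chmod 600)"; rc=1 ;;
            esac
        fi
    done
    return $rc
}
```

Call it as check_dataserver_ssl with the path to your vars.ssl.yml and ~/privacera/privacera-manager/config/ssl before you run the Privacera Manager update.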
    

Disabling DataServer Proxy SSL

To disable DataServer Proxy SSL, do the following:

  1. Set the value of the following property to false:

    DATASERVER_PROXY_SSL: "false"
    
  2. When switching DataServer from SSL to non-SSL or from self-signed to signed, or vice versa, remove the previously generated DataServer SSL configuration before you run the Privacera Manager update.

    Use the following command:

    rm -rf ~/privacera/privacera-manager/config/ssl/dataserver*
    

Last update: September 15, 2021