Enable Self-Signed Certificates with Privacera Platform
This topic provides instructions for using self-signed certificates with Privacera services, including Privacera Portal, Apache Ranger, Apache Ranger KMS, and Privacera Encryption Gateway. This configuration establishes a secure connection between internal Privacera components (Dataserver, Ranger KMS, Discovery, PolicySync, and UserSync) and SSL-enabled servers.
CLI Configuration
- SSH to the instance where Privacera is installed.
- Run the following commands.
    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.ssl.yml config/custom-vars/
    vi config/custom-vars/vars.ssl.yml
- Set the passwords for the following configuration. The passwords must be at least six characters and should include alphabetic, symbol, and numeric characters.
    SSL_DEFAULT_PASSWORD: "<PLEASE_CHANGE>"
    RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD: "<PLEASE_CHANGE>"
    RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD: "<PLEASE_CHANGE>"
Note: You can enable or disable SSL for specific Privacera services. For more information, refer to Configure SSL for Privacera Services.
- Run Privacera Manager update.
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
- For Kubernetes based deployments, restart services:
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh restart
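
A pre-flight check for the password step above, to run before the Privacera Manager update so that a leftover placeholder or a weak value is caught first. This is an added example, not part of Privacera Manager: the script and function names are hypothetical, and it assumes each key sits on its own line as KEY: "value", as in the sample file.

```shell
#!/bin/sh
# Added example (not Privacera code): validate the SSL passwords in vars.ssl.yml.
# Usage (hypothetical script name): ./check_ssl_vars.sh config/custom-vars/vars.ssl.yml

# Keys from the configuration step that must no longer hold the placeholder.
SSL_PASSWORD_KEYS="SSL_DEFAULT_PASSWORD RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD"

# password_ok VALUE: returns 0 if VALUE meets the documented rule, 1 otherwise.
password_ok() {
  [ "$1" != "<PLEASE_CHANGE>" ] || return 1          # sample placeholder left in place
  [ "${#1}" -ge 6 ] || return 1                      # at least six characters
  case $1 in *[A-Za-z]*) ;; *) return 1 ;; esac      # an alphabetic character
  case $1 in *[0-9]*) ;; *) return 1 ;; esac         # a numeric character
  case $1 in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac  # a symbol
  return 0
}

# read_yaml_value FILE KEY: prints the value of a top-level KEY: "value" line.
# Assumption: double-quoted value on one line; the last occurrence wins.
read_yaml_value() {
  sed -n "s/^$2:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_ssl_vars FILE: prints one line per failing key (never the password
# itself) and returns the number of failing keys, so 0 means all three pass.
check_ssl_vars() {
  csv_failures=0
  for csv_key in $SSL_PASSWORD_KEYS; do
    csv_value=$(read_yaml_value "$1" "$csv_key")
    if ! password_ok "$csv_value"; then
      echo "FAIL $csv_key"
      csv_failures=$((csv_failures + 1))
    fi
  done
  return "$csv_failures"
}

# When given a file argument, check it and exit with the failure count.
if [ "$#" -gt 0 ]; then
  check_ssl_vars "$1"
  exit $?
fi
```

A missing key is reported as a failure as well, because its value reads as empty.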