Privacera Platform master publication

Enable self-signed certificates with Privacera Platform

This topic explains how to use self-signed certificates with Privacera services, including Privacera Portal, Apache Ranger, Apache Ranger KMS, and Privacera Encryption Gateway. The configuration establishes a secure connection between internal Privacera components (Dataserver, Ranger KMS, Discovery, PolicySync, and UserSync) and SSL-enabled servers.

Note

Support Chain SSL - Preview Functionality

Previously, Privacera services used only one SSL certificate of the LDAP server, even if a chain of certificates was available. Now, as a Preview functionality, all the certificates available in the certificate chain are imported into the truststore. This applies to the Privacera UserSync, Ranger UserSync, and Portal SSL certificates.

CLI configuration
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.ssl.yml config/custom-vars/
    vi config/custom-vars/vars.ssl.yml
  3. Set the passwords for the following configuration. Each password must be at least six characters long and should include alphabetic, symbol, and numeric characters.

    SSL_DEFAULT_PASSWORD: "<PLEASE_CHANGE>" 
    RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD: "<PLEASE_CHANGE>" 
    RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD: "<PLEASE_CHANGE>"

    Note

    You can enable/disable SSL for specific Privacera services. For more information, refer to Configure SSL for Privacera Services.

  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager
    
    ./privacera-manager.sh update
    
  5. For Kubernetes-based deployments, restart services:

    cd ~/privacera/privacera-manager
    
    ./privacera-manager.sh restart
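
A pre-flight check for the passwords set in step 3, to run before `./privacera-manager.sh update`. This is an added example, not part of Privacera Manager: the function names are hypothetical, and it assumes each value is a double-quoted scalar on one line, as in the sample file.

```shell
#!/bin/sh
# Added example (not Privacera tooling): validate the step 3 passwords in
# config/custom-vars/vars.ssl.yml. Function names are hypothetical.

# Policy from step 3: at least six characters, with a letter, a digit and a symbol.
check_password() {
  [ "${#1}" -ge 6 ] || return 1
  case "$1" in *[A-Za-z]*) ;; *) return 1 ;; esac
  case "$1" in *[0-9]*) ;; *) return 1 ;; esac
  case "$1" in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
}

# check_ssl_vars FILE: exit status is the number of failing keys (0 = ready),
# or 4 if FILE cannot be read. Only key names are printed, never the values.
check_ssl_vars() (
  file="$1"; failures=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 4; }
  for key in SSL_DEFAULT_PASSWORD \
             RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD \
             RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD; do
    # Assumption: KEY: "value" on a single line; the last occurrence wins.
    value=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$file" | tail -n 1)
    if [ -z "$value" ]; then
      echo "FAIL $key: missing or not double-quoted" >&2; failures=$((failures + 1))
    elif [ "$value" = "<PLEASE_CHANGE>" ]; then
      echo "FAIL $key: still the sample placeholder" >&2; failures=$((failures + 1))
    elif ! check_password "$value"; then
      echo "FAIL $key: does not meet the password rules" >&2; failures=$((failures + 1))
    fi
  done
  # The file holds cleartext passwords; warn if other users can read it.
  [ -z "$(find "$file" -perm -004)" ] || echo "WARN $file is world-readable" >&2
  exit "$failures"
)

# Run against a file when one is given, e.g. config/custom-vars/vars.ssl.yml
[ "$#" -eq 0 ] || check_ssl_vars "$1"
```

Save it under any name and pass the path to `config/custom-vars/vars.ssl.yml` as the only argument; a non-zero exit status means at least one password still needs attention.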