Privacera Documentation

Enable self-signed certificates on Privacera Platform

You can use self-signed certificates with Privacera services, including Privacera Portal, Apache Ranger, Apache Ranger KMS, and Privacera Encryption Gateway. Self-signed certificates establish a secure connection between internal Privacera components (Dataserver, Ranger KMS, Discovery, PolicySync, and UserSync) and SSL-enabled servers.

Note

Support Chain SSL - Preview Functionality

Previously, Privacera services used only one SSL certificate of the LDAP server, even if a chain of certificates was available. Now, as a Preview functionality, all the certificates available in the chain certificate are imported into the truststore. This applies to the Privacera UserSync, Ranger UserSync, and Portal SSL certificates.

To enable self-signed certificates on Privacera Platform:

  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.ssl.yml config/custom-vars/
    vi config/custom-vars/vars.ssl.yml

  3. Set the passwords for the following configuration. The passwords must be at least six characters long and should include alphabetic, symbol, and numeric characters.

    SSL_DEFAULT_PASSWORD: "<PLEASE_CHANGE>" 
    RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD: "<PLEASE_CHANGE>" 
    RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD: "<PLEASE_CHANGE>"

    Note

    You can enable/disable SSL for specific Privacera services. For more information, refer to Configure SSL for Privacera Platform.

  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    
  5. For Kubernetes based deployments, restart services:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh restart
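
The following pre-flight check is an added example, not part of Privacera's documentation or tooling: it reads the copied vars.ssl.yml and flags any of the three passwords from step 3 that is missing, still set to the placeholder, or short of the stated policy. The function names are hypothetical, and treating any non-alphanumeric character as a "symbol" is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check of the three passwords set in step 3.
SSL_KEYS="SSL_DEFAULT_PASSWORD RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD"

# Print the value of the first uncommented "KEY: value" line, quotes stripped.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if $1 meets the policy from step 3; otherwise print why and return 1.
# Assumption: "symbol" means any character that is not a letter or digit.
check_password() {
    case $1 in
        '')                echo "missing or empty"; return 1 ;;
        '<PLEASE_CHANGE>') echo "placeholder not replaced"; return 1 ;;
    esac
    [ "${#1}" -ge 6 ] || { echo "shorter than six characters"; return 1; }
    case $1 in *[A-Za-z]*) ;; *) echo "no alphabetic character"; return 1 ;; esac
    case $1 in *[0-9]*) ;; *) echo "no numeric character"; return 1 ;; esac
    case $1 in *[!A-Za-z0-9]*) ;; *) echo "no symbol character"; return 1 ;; esac
    return 0
}

# Check every key in the file; report per key without echoing any password.
check_ssl_vars() {
    file=$1
    failures=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for key in $SSL_KEYS; do
        value=$(yaml_value "$key" "$file")
        if reason=$(check_password "$value"); then
            echo "OK    $key"
        else
            echo "FAIL  $key: $reason"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample values, not a real configuration.
sample=$(mktemp)
printf '%s\n' 'SSL_DEFAULT_PASSWORD: "Welc0me!23"' \
    'RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD: "<PLEASE_CHANGE>" ' \
    "RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD: 'abc123'" > "$sample"
check_ssl_vars "$sample" || echo "Fix the entries above before running the update."
rm -f "$sample"
```

Run `check_ssl_vars config/custom-vars/vars.ssl.yml` after step 3 and before the update in step 4; a non-zero exit status means at least one entry still needs attention.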