Configure CA-Signed Certificate for Privacera Plugin

This topic explains how to use a Certificate Authority (CA) signed certificate instead of a self-signed certificate for communicating with Ranger.


  1. SSH to the instance as ${USER}.

  2. Remove the ranger-plugin-keystore.p12 or ranger-plugin-keystore.jks file from the config/ssl folder, if it exists.

  3. Copy the following keys to the location ~/privacera/privacera-manager/config/ssl:

    • Signed PEM Full Chain
    • Signed PEM Private Key

  4. Open the vars.ssl.yml file.

    cd ~/privacera/privacera-manager
    vi config/custom-vars/vars.ssl.yml

  5. Add the following properties:

  6. Save and Exit.

  7. Run the following commands:

    mkdir -p ~/privacera/backup
    cd ~/privacera/privacera-manager
    mv config/ssl/ranger-plugin-keystore.* ~/privacera/backup/

  8. Run the following commands:

    cd ~/privacera/privacera-manager
    ./ update


The Common Name (CN) for a certificate should be the same as the CN of the CA-signed certificate, which requires manual changes to all service definitions.
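
The following added example (not part of the Privacera documentation or tooling) is a pre-flight check for the two PEM files from step 3, to be run before the update in step 8. It confirms that the private key belongs to the leaf certificate in the full chain, that the leaf has not expired, and prints the CN that the service definitions must match. The function names and the file paths passed in are assumptions, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example, not Privacera code. Requires the openssl CLI.
# The chain and key paths are supplied by the caller (assumption: the
# page does not state the file names).

# Public key (PEM) of the first, i.e. leaf, certificate in a chain file.
leaf_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from an unencrypted PEM private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Common Name of the leaf certificate.
leaf_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Number of certificates in the chain file (leaf plus intermediates).
chain_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Return 0 only if the key belongs to the leaf certificate and the leaf
# is still within its validity period; print CN and chain length.
check_plugin_cert() {
    chain=$1
    key=$2
    cert_pub=$(leaf_pubkey "$chain") || { echo "FAIL: cannot read $chain" >&2; return 1; }
    key_pub=$(key_pubkey "$key") || { echo "FAIL: cannot read $key" >&2; return 1; }
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: private key does not match leaf certificate" >&2; return 1; }
    openssl x509 -in "$chain" -noout -checkend 0 >/dev/null || {
        echo "FAIL: leaf certificate has expired" >&2; return 1; }
    echo "OK: CN=$(leaf_cn "$chain") certs_in_chain=$(chain_cert_count "$chain")"
}
```

Source the file and call `check_plugin_cert <full-chain.pem> <private-key.pem>` from ~/privacera/privacera-manager/config/ssl. A chain count of 1 means the file holds only the leaf certificate rather than a full chain.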