Pradeep Agrawal created RANGER-1288:
---------------------------------------
Summary: Add SSL enabled MySQL support in Ranger Admin
Key: RANGER-1288
URL: https://issues.apache.org/jira/browse/RANGER-1288
Project: Ranger
Issue Type: Improvement
Components: Ranger
Affects Versions: 0.7.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
*Problem Statement :* Ranger can not communicate to ssl enabled MySQL server
*Associated error message :* Ranger DB script fails to communicate with the DB
with sql AccessContronlException.
*Proposed Solution :* JDBC connection string could be :
"jdbc:mysql://127.0.0.1:3306/ranger?verifyServerCertificate=false&useSSL=true&requireSSL=true".
The 'useSSL=true' property is added to the JDBC URL to attempt to communicate
via SSL.
The 'verifyServerCerticate=false' property is set to bypass certificate
validation.
The 'requireSSL=true' property is set to refuse to connect if the MySQL server
does not support SSL. If user want to connect using truststore then he can
configure truststore files(certificate information for the mysql server and
client both).
Ranger application and jisql utility should know from where to pick the
certificates which can be set in System properties like this :
-Djavax.net.ssl.keyStore=path_to_keystore_file
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=path_to_truststore_file
-Djavax.net.ssl.trustStorePassword=password
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
