Hello, We are trying to enable ranger-knox plugin to provide authorisation from Ranger. I had few queries:
Do we need to have SSL enabled in Ranger to be integrated with Knox? What are the steps which will be required, what all keystore/truststore we will need to create, is there any brief documentation for the same? We are planning to follow this document: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch04s20s02s04s01.html <https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch04s20s02s04s01.html> Is this the right doc to proceed? We have followed these commands: cd /usr/hdp/2.6.5.0-292/knox/data/security/keystores keytool -exportcert -alias gateway-identity -keystore gateway.jks -file ../knox.crt pass- "Enter Key" cd ../ cp /usr/java/latest/jre/lib/security/cacerts cacerts.withknox keytool -import -trustcacerts -file knox.crt -alias knox -keystore cacerts.withknox Pass- changeit keytool -import -trustcacerts -file knox.crt -alias knox -keystore cacerts.withknox But we are getting these errors when we are making the repo and clicking on test connection: org.apache.ranger.plugin.client.HadoopException: Exception on REST call to KnoxUrl : https://192.168.134.119:8443/gateway/admin/api/v1/topologies.. Exception on REST call to KnoxUrl : https://192.168.1.1:8443/gateway/admin/api/v1/topologies.. javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. the trustAnchors parameter must be non-empty. Thanks Dhruv
