Required Ranger settings to integrate Ranger with LDAPS
I'm facing an issue with certificate authentication for LDAPS when integrating with Ranger. The certificate has been put in the Java truststore. What settings need to be altered when shifting from LDAP to LDAPS in the case of Ranger? I checked the certificate, and it is valid.
The commands used to put the file in the truststore are:
```
openssl s_client -connect certificate-alias 1>/tmp/keytool_stdout 2>/tmp/output </dev/null
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' </tmp/keytool_stdout > certificate.pem
keytool -import -trustcacerts -noprompt -storepass ****** -alias certificate-alias -file certificate.pem;
sudo keytool -import -trustcacerts -noprompt -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.amzn2.0.2.x86_64/jre/lib/security/cacerts -storepass ****** -alias certificate-alias -file certificate.pem
```
where `certificate.pem` is the PEM file for the certificate.
Current changes made in `install.properties`: `LDAP-URL:ldaps://aws****:3269`. I'm unable to find the setting where I can put the path to the certificate. I found https://issues.apache.org/jira/browse/RANGER-217 but did not find the proper settings.
Can someone mention all the settings that have to be updated in `install.properties` of Ranger `admin` and `usersync` to integrate LDAPS?
Also, would putting the certificate in the truststore be a better approach, or putting the certificate in the folder containing the Ranger file?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
