SSL Connectivity from neo4j-java-driver 1.6.3











up vote
1
down vote

favorite












I am a brand new user of Neo4J DB. I need to connect to the DB from my Java project. I am using neo4j-java-driver 1.6.3 for the same. I am using neo4j-enterprise edition 3.4.9 (installed via Debian repository in Ubuntu 16.04 ).



I have managed to established the no-authentication connection and basic authentication connection. I am facing issue while connecting a SSL enabled server. I am trying to connect through the below code:




Driver driver = GraphDatabase.driver(url, AuthTokens.basic(username, password), Config.build()
.withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(certFile)).toConfig());




I am getting the following error:




sun.security.validator.ValidatorException: No trusted certificate found




How can I create necessary cert file here? I am new to SSL certificates too.



My neo4j.conf file looks like below:




dbms.directories.data=/var/lib/neo4j/data
dbms.directories.plugins=/var/lib/neo4j/plugins
dbms.directories.certificates=/var/lib/neo4j/certificates
dbms.directories.logs=/var/log/neo4j
dbms.directories.lib=/usr/share/neo4j/lib
dbms.directories.run=/var/run/neo4j
dbms.directories.metrics=/var/lib/neo4j/metrics



dbms.directories.import=/var/lib/neo4j/import



dbms.memory.heap.initial_size=512m dbms.memory.heap.max_size=512m



dbms.connectors.default_listen_address=0.0.0.0
dbms.connectors.default_advertised_address=X.X.X.X



dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=OPTIONAL
dbms.connector.http.enabled=true dbms.connector.https.enabled=true



bolt.ssl_policy=bigd



dbms.ssl.policy.bigd.base_directory=/var/lib/neo4j/certificates/bigd
dbms.ssl.policy.bigd.private_key=/var/lib/neo4j/certificates/bigd/private.key
dbms.ssl.policy.bigd.public_certificate=/var/lib/neo4j/certificates/bigd/public.crt



dbms.ssl.policy.bigd.client_auth=require




private.key and public.crt I have created as below:




sudo openssl req -newkey rsa:2048 -nodes -out neo4j.csr -keyout private.key sudo openssl x509 -req -days 3650 -in neo4j.csr -CA



ca.cert -CAkey ca.key -set_serial 01 -out public.crt




I have created certFile specified in the java code as follows:




sudo openssl genrsa -out neo4j-client.key 2048 sudo openssl req -new -out neo4j-client.csr -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com" sudo openssl x509 -req -in



neo4j-client.csr -CA ca.cert -CAkey ca.key -CAserial ./ca.srl -out



neo4j-client.crt -days 3650




I think I might be missing some configuration or I am not creating the certificates properly. How can I find out what I am missing?










share|improve this question









New contributor




Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
























    up vote
    1
    down vote

    favorite












    I am a brand new user of Neo4J DB. I need to connect to the DB from my Java project. I am using neo4j-java-driver 1.6.3 for the same. I am using neo4j-enterprise edition 3.4.9 (installed via Debian repository in Ubuntu 16.04 ).



    I have managed to established the no-authentication connection and basic authentication connection. I am facing issue while connecting a SSL enabled server. I am trying to connect through the below code:




    Driver driver = GraphDatabase.driver(url, AuthTokens.basic(username, password), Config.build()
    .withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(certFile)).toConfig());




    I am getting the following error:




    sun.security.validator.ValidatorException: No trusted certificate found




    How can I create necessary cert file here? I am new to SSL certificates too.



    My neo4j.conf file looks like below:




    dbms.directories.data=/var/lib/neo4j/data
    dbms.directories.plugins=/var/lib/neo4j/plugins
    dbms.directories.certificates=/var/lib/neo4j/certificates
    dbms.directories.logs=/var/log/neo4j
    dbms.directories.lib=/usr/share/neo4j/lib
    dbms.directories.run=/var/run/neo4j
    dbms.directories.metrics=/var/lib/neo4j/metrics



    dbms.directories.import=/var/lib/neo4j/import



    dbms.memory.heap.initial_size=512m dbms.memory.heap.max_size=512m



    dbms.connectors.default_listen_address=0.0.0.0
    dbms.connectors.default_advertised_address=X.X.X.X



    dbms.connector.bolt.enabled=true
    dbms.connector.bolt.tls_level=OPTIONAL
    dbms.connector.http.enabled=true dbms.connector.https.enabled=true



    bolt.ssl_policy=bigd



    dbms.ssl.policy.bigd.base_directory=/var/lib/neo4j/certificates/bigd
    dbms.ssl.policy.bigd.private_key=/var/lib/neo4j/certificates/bigd/private.key
    dbms.ssl.policy.bigd.public_certificate=/var/lib/neo4j/certificates/bigd/public.crt



    dbms.ssl.policy.bigd.client_auth=require




    private.key and public.crt I have created as below:




    sudo openssl req -newkey rsa:2048 -nodes -out neo4j.csr -keyout private.key sudo openssl x509 -req -days 3650 -in neo4j.csr -CA



    ca.cert -CAkey ca.key -set_serial 01 -out public.crt




    I have created certFile specified in the java code as follows:




    sudo openssl genrsa -out neo4j-client.key 2048 sudo openssl req -new -out neo4j-client.csr -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com" sudo openssl x509 -req -in



    neo4j-client.csr -CA ca.cert -CAkey ca.key -CAserial ./ca.srl -out



    neo4j-client.crt -days 3650




    I think I might be missing some configuration or I am not creating the certificates properly. How can I find out what I am missing?










    share|improve this question









    New contributor




    Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I am a brand new user of Neo4J DB. I need to connect to the DB from my Java project. I am using neo4j-java-driver 1.6.3 for the same. I am using neo4j-enterprise edition 3.4.9 (installed via Debian repository in Ubuntu 16.04 ).



      I have managed to established the no-authentication connection and basic authentication connection. I am facing issue while connecting a SSL enabled server. I am trying to connect through the below code:




      Driver driver = GraphDatabase.driver(url, AuthTokens.basic(username, password), Config.build()
      .withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(certFile)).toConfig());




      I am getting the following error:




      sun.security.validator.ValidatorException: No trusted certificate found




      How can I create necessary cert file here? I am new to SSL certificates too.



      My neo4j.conf file looks like below:




      dbms.directories.data=/var/lib/neo4j/data
      dbms.directories.plugins=/var/lib/neo4j/plugins
      dbms.directories.certificates=/var/lib/neo4j/certificates
      dbms.directories.logs=/var/log/neo4j
      dbms.directories.lib=/usr/share/neo4j/lib
      dbms.directories.run=/var/run/neo4j
      dbms.directories.metrics=/var/lib/neo4j/metrics



      dbms.directories.import=/var/lib/neo4j/import



      dbms.memory.heap.initial_size=512m dbms.memory.heap.max_size=512m



      dbms.connectors.default_listen_address=0.0.0.0
      dbms.connectors.default_advertised_address=X.X.X.X



      dbms.connector.bolt.enabled=true
      dbms.connector.bolt.tls_level=OPTIONAL
      dbms.connector.http.enabled=true dbms.connector.https.enabled=true



      bolt.ssl_policy=bigd



      dbms.ssl.policy.bigd.base_directory=/var/lib/neo4j/certificates/bigd
      dbms.ssl.policy.bigd.private_key=/var/lib/neo4j/certificates/bigd/private.key
      dbms.ssl.policy.bigd.public_certificate=/var/lib/neo4j/certificates/bigd/public.crt



      dbms.ssl.policy.bigd.client_auth=require




      private.key and public.crt I have created as below:




      sudo openssl req -newkey rsa:2048 -nodes -out neo4j.csr -keyout private.key sudo openssl x509 -req -days 3650 -in neo4j.csr -CA



      ca.cert -CAkey ca.key -set_serial 01 -out public.crt




      I have created certFile specified in the java code as follows:




      sudo openssl genrsa -out neo4j-client.key 2048 sudo openssl req -new -out neo4j-client.csr -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com" sudo openssl x509 -req -in



      neo4j-client.csr -CA ca.cert -CAkey ca.key -CAserial ./ca.srl -out



      neo4j-client.crt -days 3650




      I think I might be missing some configuration or I am not creating the certificates properly. How can I find out what I am missing?










      share|improve this question









      New contributor




      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I am a brand new user of Neo4J DB. I need to connect to the DB from my Java project. I am using neo4j-java-driver 1.6.3 for the same. I am using neo4j-enterprise edition 3.4.9 (installed via Debian repository in Ubuntu 16.04 ).



      I have managed to established the no-authentication connection and basic authentication connection. I am facing issue while connecting a SSL enabled server. I am trying to connect through the below code:




      Driver driver = GraphDatabase.driver(url, AuthTokens.basic(username, password), Config.build()
      .withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(certFile)).toConfig());




      I am getting the following error:




      sun.security.validator.ValidatorException: No trusted certificate found




      How can I create necessary cert file here? I am new to SSL certificates too.



      My neo4j.conf file looks like below:




      dbms.directories.data=/var/lib/neo4j/data
      dbms.directories.plugins=/var/lib/neo4j/plugins
      dbms.directories.certificates=/var/lib/neo4j/certificates
      dbms.directories.logs=/var/log/neo4j
      dbms.directories.lib=/usr/share/neo4j/lib
      dbms.directories.run=/var/run/neo4j
      dbms.directories.metrics=/var/lib/neo4j/metrics



      dbms.directories.import=/var/lib/neo4j/import



      dbms.memory.heap.initial_size=512m dbms.memory.heap.max_size=512m



      dbms.connectors.default_listen_address=0.0.0.0
      dbms.connectors.default_advertised_address=X.X.X.X



      dbms.connector.bolt.enabled=true
      dbms.connector.bolt.tls_level=OPTIONAL
      dbms.connector.http.enabled=true dbms.connector.https.enabled=true



      bolt.ssl_policy=bigd



      dbms.ssl.policy.bigd.base_directory=/var/lib/neo4j/certificates/bigd
      dbms.ssl.policy.bigd.private_key=/var/lib/neo4j/certificates/bigd/private.key
      dbms.ssl.policy.bigd.public_certificate=/var/lib/neo4j/certificates/bigd/public.crt



      dbms.ssl.policy.bigd.client_auth=require




      private.key and public.crt I have created as below:




      sudo openssl req -newkey rsa:2048 -nodes -out neo4j.csr -keyout private.key sudo openssl x509 -req -days 3650 -in neo4j.csr -CA



      ca.cert -CAkey ca.key -set_serial 01 -out public.crt




      I have created certFile specified in the java code as follows:




      sudo openssl genrsa -out neo4j-client.key 2048 sudo openssl req -new -out neo4j-client.csr -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com" sudo openssl x509 -req -in



      neo4j-client.csr -CA ca.cert -CAkey ca.key -CAserial ./ca.srl -out



      neo4j-client.crt -days 3650




      I think I might be missing some configuration or I am not creating the certificates properly. How can I find out what I am missing?







      java ssl neo4j openssl






      share|improve this question









      New contributor




      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Nov 5 at 2:16





















      New contributor




      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Nov 2 at 6:59









      Debosmita

      64




      64




      New contributor




      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Debosmita is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





























          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Debosmita is a new contributor. Be nice, and check out our Code of Conduct.










           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53113939%2fssl-connectivity-from-neo4j-java-driver-1-6-3%23new-answer', 'question_page');
          }
          );

          Post as a guest





































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Debosmita is a new contributor. Be nice, and check out our Code of Conduct.










           

          draft saved


          draft discarded


















          Debosmita is a new contributor. Be nice, and check out our Code of Conduct.













          Debosmita is a new contributor. Be nice, and check out our Code of Conduct.












          Debosmita is a new contributor. Be nice, and check out our Code of Conduct.















           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53113939%2fssl-connectivity-from-neo4j-java-driver-1-6-3%23new-answer', 'question_page');
          }
          );

          Post as a guest




















































































          這個網誌中的熱門文章

          Xamarin.form Move up view when keyboard appear

          Post-Redirect-Get with Spring WebFlux and Thymeleaf

          Anylogic : not able to use stopDelay()