Certificate issue with Python driver for neoj4 v4.0

I'm pulling an exception that appears to be a certificate issue while attempting to run the "Hello World" example from the standard python driver. Here's the stack:

File "/opt/hex_0.0.1/sitepackages/Test/Tooling/HexStore/neo4jHelloWorld.py", line 24, in <module>
  example = HelloWorldExample('bolt://', 'neo4j', 'neo4j')
File "/opt/hex_0.0.1/sitepackages/Test/Tooling/HexStore/neo4jHelloWorld.py", line 6, in __init__
  self._driver = GraphDatabase.driver(uri, auth=(user, password))
File "/usr/local/lib/python3.6/site-packages/neo4j/__init__.py", line 120, in driver
  return Driver(uri, **config)
File "/usr/local/lib/python3.6/site-packages/neo4j/__init__.py", line 161, in __new__
  return subclass(uri, **config)
File "/usr/local/lib/python3.6/site-packages/neo4j/__init__.py", line 235, in __new__
File "/home/hex/.local/lib/python3.6/site-packages/neobolt/direct.py", line 715, in acquire
  return self.acquire_direct(self.address)
File "/home/hex/.local/lib/python3.6/site-packages/neobolt/direct.py", line 608, in acquire_direct
  connection = self.connector(address, error_handler=self.connection_error_handler)
File "/usr/local/lib/python3.6/site-packages/neo4j/__init__.py", line 232, in connector
  return connect(address, **dict(config, **kwargs))
File "/home/hex/.local/lib/python3.6/site-packages/neobolt/direct.py", line 972, in connect
  raise last_error
File "/home/hex/.local/lib/python3.6/site-packages/neobolt/direct.py", line 963, in connect
  s, der_encoded_server_certificate = _secure(s, host, security_plan.ssl_context, **config)
File "/home/hex/.local/lib/python3.6/site-packages/neobolt/direct.py", line 859, in _secure
  raise error

neobolt.exceptions.SecurityError: Failed to establish secure connection to 'EOF occurred in violation of protocol (_ssl.c:852)'

I've installed neo4j on a CentOS 7 guest VM running on a Windows 10 pro host system. There are plenty of resources (CPU, RAM, disk, etc).

I don't want or need the complexity of SSL in this exercise -- I'm coding up a smoke-test to see if neo4j will work for the project I'm working on. I've disabled SSL in neo4j.conf -- it looks very much as if the standard Python driver insists on using SSL/TLS to connect to bolt on 7687.

Is there some way to configure either the python driver, neo4j, or both so that no certificates are needed?

Is there some way to use a self-signed cert that's enough to satisfy neo4j/bolt? I've read the helpful medium article (Getting Certificates for Neo4j with LetsEncrypt | by David Allen | Neo4j Developer Blog | Medium), but that's talking about a full-blown certificate from LetsEncrypt. I think that means I'd need to open a port on router, use a dynamic IP service of some sort, and add a subdomain to Route53, and expose this machine to the jungle. I don't want to do that.

Found the answer, buried in another forum post:

self._driver = GraphDatabase.driver(uri, auth=(user, password), encrypted=False)

Note the "encrypted=False" added to the constructor.

I would have had a MUCH easier time if this had been in "Hello World" example.

1 Like