Connection error UNABLE_TO_VERIFY_LEAF_SIGNATURE

Hi,

I have a simple NodeJS application that I want to connect to a Neo4j DB.
I have Neo4j with TLS, and Neo4j Browser and Neodash work.

The certificate is issued by our internal PKI solution with RootCA and immediate CA.

The code currently looks like:

```js
const fs = require('fs');
const neo4j = require('neo4j-driver');

// CA certificates from the internal PKI (PEM files)
const certPaths = [
  'certs/MyOrgCAv2Test2023.pem',
  'certs/MyOrgRootTest2021.pem'
];

// Read each certificate file, stopping if one is missing
const certs = certPaths.map(certPath => {
  if (!fs.existsSync(certPath)) {
    console.error(`Certificate file not found: ${certPath}`);
    process.exit(1); // Exit the process if a certificate file is missing
  }
  return fs.readFileSync(certPath, 'utf8');
});

console.log(process.env.NEO4J_URI); // NEO4J_URI=bolt+s://localhost:7687
// Connect to Neo4j
const driver = neo4j.driver(
  process.env.NEO4J_URI,
  neo4j.auth.basic(process.env.NEO4J_USER, process.env.NEO4J_PASSWORD),
  {
    encryption: 'ENCRYPTION_ON',
    //trustedCertificates: certs,
    trustedCertificates: certPaths
  }
);
```

But I get:

Neo4jError: Failed to connect to server. 
Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. 
Note that the default encryption setting has changed in Neo4j 4.0. 

Caused by: Server certificate is not trusted. 
If you trust the database you are connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES 
and add the signing certificate, or the server certificate, to the list of certificates 
trusted by this driver using `neo4j.driver(.., { trustedCertificates:['path/to/certificate.crt']}). 
This  is a security measure to protect against man-in-the-middle attacks. 
If you are just trying  Neo4j out and are not concerned about encryption, simply disable it
using `encrypted="ENCRYPTION_OFF"` in the driver options. 

Socket responded with: UNABLE_TO_VERIFY_LEAF_SIGNATURE

This is not a production setup.

Do you have any ideas on a solution?

/ Joacim

Seems this solves it :slight_smile:
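
One likely cause of the error above, shown as an added example (not code from the original post or from the Neo4j project): with a `bolt+s://` URI the 4.x/5.x JavaScript driver verifies the server against the system CA store, so `trustedCertificates` is not applied, and the option the error text names is `encrypted`, not `encryption`. The hypothetical helper `customCaDriverArgs` rewrites the URI to the plain scheme and returns the config that selects the custom CA chain.

```javascript
// Added example, not from the original post. Builds neo4j.driver() arguments
// that make the driver trust a private CA chain given as PEM file paths.
const fs = require('fs');

// URI schemes that already carry an encryption/trust choice, mapped to the
// plain scheme that lets the config object decide instead.
const PLAIN_SCHEME = { 'bolt+s': 'bolt', 'neo4j+s': 'neo4j' };

function customCaDriverArgs(uri, caPaths) {
  const match = /^([a-z0-9+]+):\/\/(.+)$/i.exec(uri || '');
  if (!match) throw new Error(`Not a Neo4j URI: ${uri}`);
  const [, rawScheme, rest] = match;
  const scheme = rawScheme.toLowerCase();

  if (scheme.endsWith('+ssc')) {
    // +ssc accepts any certificate, so a CA list would have no effect.
    throw new Error(`${scheme} skips CA verification; use bolt or neo4j`);
  }
  const plain = PLAIN_SCHEME[scheme] || scheme;
  if (plain !== 'bolt' && plain !== 'neo4j') {
    throw new Error(`Unsupported scheme: ${scheme}`);
  }

  // Fail early on a missing or non-PEM file instead of at handshake time.
  if (caPaths.length === 0) throw new Error('No CA certificates given');
  for (const p of caPaths) {
    const pem = fs.readFileSync(p, 'utf8');
    if (!/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/.test(pem)) {
      throw new Error(`No PEM certificate found in ${p}`);
    }
  }

  return {
    uri: `${plain}://${rest}`,
    config: {
      encrypted: 'ENCRYPTION_ON',                   // option name is "encrypted"
      trust: 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES', // named in the driver's error text
      trustedCertificates: caPaths                  // file paths, not PEM contents
    }
  };
}

// Usage (requires the neo4j-driver package; user/password are placeholders):
// const { uri, config } = customCaDriverArgs(process.env.NEO4J_URI, certPaths);
// const driver = neo4j.driver(uri, neo4j.auth.basic(user, password), config);
```

Setting `encrypted` or `trust` in the config while keeping a `+s` URI makes the driver throw, which is why the helper changes the scheme as well.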