Neo4j 4.3.10 config https fail

configure https using ssl error

  • neo4j version : 4.3.10

1. i want to using GraphXR to connect neo4j ,the failed resson is :

vendor.bundle.js?v=2.13.0-434a7028:56 WebSocket connection to 'wss://x.x.x.x:7687/' failed: Error in connection establishment: net::ERR_CERT_INVALID
n @ vendor.bundle.js?v=2.13.0-434a7028:56
(anonymous) @ vendor.bundle.js?v=2.13.0-434a7028:56
... 
Mixed Content: The page at https://graphxr.kineviz.com/projects 
 was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint ws://x.x.x.x:7687/  This request has been blocked; this endpoint must be available over WSS.

2. so i vim the conf/neo4j.conf ,enable https and bolt but althouth failed ,there is my conf:

# Bolt connector
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=OPTIONAL
dbms.connector.bolt.listen_address=:7687
dbms.connector.bolt.advertised_address=:7687

# HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
dbms.connector.http.listen_address=:7474
dbms.connector.http.advertised_address=:7474

# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
dbms.connector.https.listen_address=:7473
dbms.connector.https.advertised_address=:7473

# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=OPTIONAL

# Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=OPTIONAL

3. the step of ssl certified is :

#ca
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.pem
# server
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr 
# ca --> server
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca.key -set_serial 01 -out server.pem

openssl x509  -in server.pem -out public.crt
openssl rsa -in server.key -inform PEM -out private.key 

can you give some advice to solve the problem ?