I want to add some follow-up and fix instructions. Here's a config snippet with some relevant things:
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.client_auth=NONE
dbms.connector.https.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
Two things to get this working with SSCs, that is without getting signed certs.
- First, make sure to set client_auth to NONE as in the example above. The product default is asking the client to pass certs, which is gumming up the process. We'll look to fix this in the next cloud release.
- Second - different browsers handle these policy issues differently. In Chrome, when you "Trust" the HTTPS cert, it does not trust the cert on port 7687. This is relevant because Neo4j Browser makes a connection on the bolt port. So you have to convince Chrome to accept the cert on port 7687 as well.
To accomplish this, first make sure you've disabled client auth. Then, visit https://myhost:7687 -- we don't really care what this page has (in fact the page will be broken because HTTPS isn't bolt) -- but it will prompt Chrome to get you to accept the cert on this port. Once that's done, you should be able to log in with an SSC using HTTPS. This time the login will succeed, because Chrome trusts the same cert on port 7687. Browser will make that connection, and it will work.
Hope this helps.