SSL Connectivity from neo4j-java-driver 1.6.3 - Help needed

(Debosmita Ray2009) #1

Hi,
I am a brand new user of Neo4J DB. I need to connect to the DB from my Java project. I am using neo4j-java-driver 1.6.3 for the same. I am using neo4j-enterprise edition 3.4.9 (installed via the Debian repository on Ubuntu 16.04).

I have managed to establish the no-authentication connection and the basic authentication connection. I am facing an issue while connecting to an SSL-enabled server.
I am trying to connect with the code below:

import org.neo4j.driver.v1.*;

// url, username, password are Strings; certFile is a java.io.File
Driver driver = GraphDatabase.driver(url, AuthTokens.basic(username, password),
        Config.build()
              .withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(certFile))
              .toConfig());

I am getting the following error:

sun.security.validator.ValidatorException: No trusted certificate found

Could someone help me create the necessary cert file here? I am new to SSL certificates too.

My neo4j.conf file looks like this:

dbms.directories.data=/var/lib/neo4j/data
dbms.directories.plugins=/var/lib/neo4j/plugins
dbms.directories.certificates=/var/lib/neo4j/certificates
dbms.directories.logs=/var/log/neo4j
dbms.directories.lib=/usr/share/neo4j/lib
dbms.directories.run=/var/run/neo4j
dbms.directories.metrics=/var/lib/neo4j/metrics

dbms.directories.import=/var/lib/neo4j/import

dbms.memory.heap.initial_size=512m
dbms.memory.heap.max_size=512m

dbms.connectors.default_listen_address=0.0.0.0
dbms.connectors.default_advertised_address=X.X.X.X

dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=OPTIONAL
dbms.connector.http.enabled=true
dbms.connector.https.enabled=true

bolt.ssl_policy=bigd

dbms.ssl.policy.bigd.base_directory=/var/lib/neo4j/certificates/bigd
dbms.ssl.policy.bigd.private_key=/var/lib/neo4j/certificates/bigd/private.key
dbms.ssl.policy.bigd.public_certificate=/var/lib/neo4j/certificates/bigd/public.crt

dbms.ssl.policy.bigd.client_auth=require

I created private.key and public.crt as below:
> sudo openssl req -newkey rsa:2048 -nodes -out neo4j.csr -keyout private.key
> sudo openssl x509 -req -days 3650 -in neo4j.csr -CA ca.cert -CAkey ca.key -set_serial 01 -out public.crt

I created the certFile specified in the Java code as follows:
> sudo openssl genrsa -out neo4j-client.key 2048
> sudo openssl req -new -out neo4j-client.csr -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com"
> sudo openssl x509 -req -in neo4j-client.csr -CA ca.cert -CAkey ca.key -CAserial ./ca.srl -out neo4j-client.crt -days 3650

I think I might be missing some configuration, or I am not creating the certificates properly. Please help me find out what I am missing.
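The "No trusted certificate found" error is what the driver reports when the file given to trustCustomCertificateSignedBy is not the certificate that signed the server's public.crt: the trust strategy expects the CA certificate (ca.cert in the commands above), not the client certificate. The script below is an added example, not code from the post or from Neo4j; it rebuilds the same certificate layout with throwaway keys (a constructed self-signed ca.cert/ca.key stands in for the post's CA) and checks which file public.crt actually verifies against.

```shell
#!/bin/sh
# Added example (not from the post or from Neo4j): rebuild the post's
# certificate layout with throwaway keys and check which file actually
# works as a trust anchor for the server certificate public.crt.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Constructed throwaway CA; the post's ca.cert/ca.key are assumed to be
# a self-signed pair like this one.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
    -keyout ca.key -out ca.cert >/dev/null 2>&1

# Server key, CSR and CA-signed public.crt, same commands as the post.
openssl req -newkey rsa:2048 -nodes -subj "/CN=10.0.1.67" \
    -keyout private.key -out neo4j.csr >/dev/null 2>&1
openssl x509 -req -days 30 -in neo4j.csr -CA ca.cert -CAkey ca.key \
    -set_serial 01 -out public.crt >/dev/null 2>&1

# Client key, CSR and CA-signed neo4j-client.crt, same commands as the post.
openssl genrsa -out neo4j-client.key 2048 >/dev/null 2>&1
openssl req -new -key neo4j-client.key -subj "/CN=10.0.1.67/O=example.com" \
    -out neo4j-client.csr >/dev/null 2>&1
openssl x509 -req -days 30 -in neo4j-client.csr -CA ca.cert -CAkey ca.key \
    -set_serial 02 -out neo4j-client.crt >/dev/null 2>&1

# server_cert_chains_to ANCHOR: succeeds only if public.crt was signed by
# (or chains up to) the certificate in ANCHOR. This is the same question
# the driver's trustCustomCertificateSignedBy(certFile) asks of the server.
server_cert_chains_to() {
    openssl verify -CAfile "$1" public.crt >/dev/null 2>&1
}

# is_ca_cert FILE: does the certificate carry basicConstraints CA:TRUE?
# A leaf certificate such as neo4j-client.crt never does, so it cannot
# act as a trust anchor for anything.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

for anchor in ca.cert neo4j-client.crt; do
    if server_cert_chains_to "$anchor"; then
        echo "public.crt verifies against $anchor: this is the file to pass as certFile"
    else
        echo "public.crt does NOT verify against $anchor (the driver reports: No trusted certificate found)"
    fi
done
```

Note that Config.TrustStrategy in the 1.x driver has no option for supplying a client key and certificate, so a server policy with client_auth=require will still reject the handshake once the trust anchor is corrected.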