Websocket connection failed - possible certificate chain issue

I am trying to set up community server 4.0 with HTTPS front end and TLS/SSL enabled bolt connections, running on RedHat EL 7. I think it was working fine with self-signed certs, but since I switched it to use certificates obtained from InCommon, I've experienced problems getting the browser-based client to talk to the database.

One possible issue is the fact that these certificates require intermediate certificates before they reach a root authority. We tried several ways of copying the certification chain into the certificate, but each thing we did resulted in the server starting without listening on the https or the bolt port. There don't seem to be any updates to the testing code for this in 7 years. I'm not sure if that means that it Just Works (in which case I could use a pointer to some docs on how to make a suitable cert file) or if the test is just not actually testing anything any more.

When I use a normal host certificate the server starts OK, listening on both https and bolt ports. I can point Chrome at it and get the JS-based client. But when I try to log into the client I get the "ServiceUnavailable: WebSocket connection failure. Due to security constraints..." error. When I look in the console I see "WebSocket opening handshake was canceled" coming from neo4j-driver.chunkhash.bundle.js. Most of the answers I've seen online about this indicate that it's an indication of SSL issues, but Chrome doesn't have a problem talking to the https server. Any ideas?

Thanks,
Eric

@david_allen The issue went away for me as well when setting client auth to none for the bolt connector. However, it would be nice to have client auth working.
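
The change the reply above describes, written out as a `neo4j.conf` fragment for Neo4j 4.0. This is an added example, not part of the original thread; the directory and file names are assumed values.

```properties
# Added example: Bolt SSL policy in neo4j.conf (Neo4j 4.0 setting names).
# base_directory and the two file names are assumed values; use your own.

# Require TLS on the Bolt connector.
dbms.connector.bolt.tls_level=REQUIRED

dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt

# Mutual TLS: with REQUIRE the server asks every Bolt client for a
# certificate during the TLS handshake. Shown for contrast only.
# dbms.ssl.policy.bolt.client_auth=REQUIRE

# Value the reply reports as making the WebSocket error go away:
# the server no longer requests a client certificate.
dbms.ssl.policy.bolt.client_auth=NONE
```

With `client_auth=NONE` the server still presents its own certificate, and Bolt clients are authenticated by database credentials only.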