如何在 Neo4j 中使用 SSL 证书而不是自签名证书(或 snakeoil.cert) [英] How to use SSL certificates in Neo4j instead of self-signed certificates (or snakeoil.cert)

查看:64
本文介绍了如何在 Neo4j 中使用 SSL 证书而不是自签名证书(或 snakeoil.cert)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

对于生产 Neo4j 服务器,我需要使用非自签名 SSL 证书.我将在下面的回复中发布经验教训.

For a production Neo4j server I need to use a SSL certificate that is not self-signed. I will post lessons learned in the response below.

推荐答案

sudo vi/etc/neo4j/neo4j-server.properties

sudo vi /etc/neo4j/neo4j-server.properties 

uncomment org.neo4j.server.webserver.address=0.0.0.0
check: org.neo4j.server.webserver.https.enabled=true
check: org.neo4j.server.webserver.https.port=7473
change: org.neo4j.server.webserver.https.cert.location=/var/ssl/neo4j/server.crt
change: org.neo4j.server.webserver.https.key.location=/var/ssl/neo4j/server.key

现在设置对 https 的访问注意:私钥和证书都需要是DER格式

now set up access to https note: both the private key and the certificate need to be in DER format

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

让 server.csr(证书签名请求)由您选择的证书颁发机构签名.

Have server.csr (the certificate signing request) signed by the Certificate Authority of your choice.

要安装签名证书,请将其保存为 server.pem 并执行以下操作:

To install the signed certificate, save it as server.pem and execute the following:

sudo mkdir -p /var/ssl/neo4j
sudo openssl x509 -outform der -in server.pem -out /var/ssl/neo4j/server.crt
sudo openssl rsa -in server.key -inform PEM -out /var/ssl/neo4j/server.key -outform DER

这篇关于如何在 Neo4j 中使用 SSL 证书而不是自签名证书(或 snakeoil.cert)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆