配置neo4j bolt+s ssl
创建证书
创建证书参考这篇文章
将创建好的证书文件rootCA.crt, server.key, server.crt放到/etc/neo4j/certificates/bolt/ 和 /etc/neo4j/certificates/https/下
更改权限
sudo chown -R neo4j:neo4j /etc/neo4j/certificates/bolt/
sudo chmod -R 755 /etc/neo4j/certificates/https/
配置neo4j ssl
# Bolt connector
dbms.connector.bolt.address=hostname:7687
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
dbms.connector.bolt.listen_address=hostname:7687
dbms.connector.bolt.advertised_address=hostname:7687
# HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
dbms.connector.http.listen_address=:7473
#dbms.connector.http.advertised_address=:7473
# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
dbms.connector.https.listen_address=:7474
#dbms.connector.https.advertised_address=:7474
# SSL
# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=key file
dbms.ssl.policy.bolt.public_certificate=crt file
#dbms.ssl.policy.bolt.client_auth=NONE
# Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=key file
dbms.ssl.policy.https.public_certificate=crt file
#dbms.ssl.policy.https.client_auth=NONE
重启下neo4j
查看neo4j ui页面
springboo项目连接neo4j bolt+s ssl
导入rootCA.crt证书到 jdk cacerts
keytool -import -alias yourAliasName -file /etc/neo4j/certificates/https//rootCA.crt -keystore jdk_home/lib/security/cacerts
配置连接
不同的证书连接的uri也会不一样,这里我们用的是self-signed certificate, 所以是bolt+ssc
参考:Connect with SSL over Bolt
启动springboot项目