Neo4j

Neo4j

关注
发信
关注(28)粉丝(399)

如何在Neo4j中使用自定义的自签名证书(而不是snakeoil.cert)?

本文介绍了如何在Neo4j中使用自定义的自签名证书(而不是snakeoil.cert)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

最近,我遇到了生成不绑定Neo4j中的0.0.0.0的自定义证书的问题.事实证明,与文档相反,Neo4j期望公钥和私钥都使用DER证书.

Recently I ran into the problem of generating a custom certificate that does not bind to 0.0.0.0 in Neo4j. It turns out that Neo4j - in contrast to the documentation - expects DER certificates for both the public and private key.

我将发布针对该问题的经验教训.

I will post lessons learned in respons to this question.

Rob

推荐答案

sudo vi/etc/neo4j/neo4j-server.properties

sudo vi /etc/neo4j/neo4j-server.properties 

uncomment org.neo4j.server.webserver.address=0.0.0.0
check: org.neo4j.server.webserver.https.enabled=true
check: org.neo4j.server.webserver.https.port=7473
change: org.neo4j.server.webserver.https.cert.location=/var/ssl/neo4j/server.crt
change: org.neo4j.server.webserver.https.key.location=/var/ssl/neo4j/server.key

现在设置对https的访问权限注意:私钥和证书都必须为DER格式

now set up access to httpsnote: both the private key and the certificate need to be in DER format

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.pem
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca.key -set_serial 01 -out server.pem
sudo mkdir -p /var/ssl/neo4j
sudo openssl x509 -outform der -in server.pem -out /var/ssl/neo4j/server.crt
sudo openssl rsa -in server.key -inform PEM -out /var/ssl/neo4j/server.key -outform DER

另请参阅[我的笔记]( http://www.blaeu.com/nl /doku.php/Notes )

See also [my notes] (http://www.blaeu.com/nl/doku.php/Notes)

这篇关于如何在Neo4j中使用自定义的自签名证书(而不是snakeoil.cert)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

11-03 11:52
Powered by LMLPHP ©2024 Neo4j 0.005062