1. Graph Developer's Guide for Property Graph
  2. Getting Started with Oracle Property Graphs
  3. Property Graph Support Overview
  4. Setting Up Transport Layer Security
  5. Configuring a Client to Trust the Self-Signed Certificate

1.4.3 Configuring a Client to Trust the Self-Signed Certificate

You must configure your client application to accept the self-signed graph server (PGX) certificate.

To configure a client to trust the self-signed certificate, the root certificate must be imported to your Java installation local trust store.
  • For a Java or a Python client, you must import the root certificate to all the Java installations used by all the clients.

    Note:

    The JShell client requires Java 11.
  • For the Graph Visualization application, you must import the root certificate to the system Java installation of the environment running the graph server (PGX) or the web server serving the graph visualization application. That is, the JDK installation which is used by the OS user running the server that serves the Graph Visualization application.
  • For the Graph Zeppelin interpreter client, you must import the root certificate to the Java installation used by the Zeppelin server.

You can import the root certificate as shown in the following step:

  1. Execute the following command as a root user or with sudo:
    1. For Java 8 (make sure JAVA_HOME is set):
      sudo keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias pgx -file /etc/oracle/graph/ca_certificate.pem -noprompt
    2. For Java 11 (make sure JAVA11_HOME is set):
      sudo keytool -import -trustcacerts -keystore $JAVA11_HOME/lib/security/cacerts -storepass changeit -alias pgx -file /etc/oracle/graph/ca_certificate.pem -noprompt
    where changeit is the sample keystore password. You can change this password to a password of your choice. Be sure to remember this password as you will need it to modify the certificate.
    1. If you are upgrading the graph server from a previous release, you must first delete the certificate by excecuting the following command appropriate to your Java version. You must run the command using sudo or as a root user:

      For Java 8:

      sudo keytool -delete -alias pgx -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

      For Java 11:

      sudo keytool -delete -alias pgx -keystore $JAVA11_HOME/lib/security/cacerts -storepass changeit
    2. Import the new certificate as shown in the preceding step.

Parent topic: Setting Up Transport Layer Security