1.4 Setting Up Transport Layer Security

The graph server (PGX), by default, allows only encrypted connections using Transport Layer Security (TLS). TLS requires the server to present a server certificate to the client and the client must be configured to trust the issuer of that certificate.

Starting with Graph Server and Client Release 21.1, the RPM file installation generates a self-signed certificate into /etc/oracle/graph, which the server uses to enable TLS by default. If self-signed certificates are sufficient for you to get started and if your connections are only to localhost, you can skip to Configuring a Client to Trust the Self-Signed Certificate .