1.4 Setting Up Transport Layer Security
The graph server (PGX), by default, allows only encrypted connections using Transport Layer Security (TLS). TLS requires the server to present a server certificate to the client and the client must be configured to trust the issuer of that certificate.
Starting with Graph Server and Client Release 21.1, the RPM file installation
generates a self-signed certificate into /etc/oracle/graph
, which the
server uses to enable TLS by default. If self-signed certificates are sufficient for you
to get started and if your connections are only to localhost
, you can
skip to Configuring a Client to Trust the Self-Signed Certificate .
- Generating a Self-Signed Server Certificate
You can create a self-signed server certificate using theopenssl
command. - Configuring the Graph Server (PGX)
You must specify the path to the server certificate and the server's private key in PEM format in the graph server (PGX) configuration file. - Configuring a Client to Trust the Self-Signed Certificate
You must configure your client application to accept the self-signed graph server (PGX) certificate.
Parent topic: Property Graph Support Overview