1.4 Setting Up Transport Layer Security

The graph server (PGX), by default, allows only encrypted connections using Transport Layer Security (TLS). TLS requires the server to present a server certificate to the client and the client must be configured to trust the issuer of that certificate.

Starting with Graph Server and Client Release 21.1, the RPM file installation generates a self-signed certificate into /etc/oracle/graph, which the server uses to enable TLS by default. If self-signed certificates are sufficient for you to get started and if your connections are only to localhost, you can skip to Configuring a Client to Trust the Self-Signed Certificate .

• Generating a Self-Signed Server Certificate
  You can create a self-signed server certificate using the openssl command.
• Configuring the Graph Server (PGX)
  You must specify the path to the server certificate and the server's private key in PEM format in the graph server (PGX) configuration file.
• Configuring a Client to Trust the Self-Signed Certificate
  You must configure your client application to accept the self-signed graph server (PGX) certificate.