1.4 Setting Up Transport Layer Security
The graph server (PGX), by default, allows only encrypted connections using Transport Layer Security (TLS). TLS requires the server to present a server certificate to the client and the client must be configured to trust the issuer of that certificate.
Starting with Graph Server and Client Release 22.3, you can create a server keystore to contain the server certificate and server private key. You can then configure the graph server to use this keystore.
In this release of Graph Server and Client, the RPM file installation will continue to generate a self-signed certificate into /etc/oracle/graph, as the default option for the server to enable TLS. However, it is important to note that the server configuration fields, server_cert and server_private_key, are deprecated in the current Graph Server and Client Release 22.3 and will be desupported in a future release. After that, you will be required to use the server keystore to store the server certificate and the server private key.
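The following check is an added example, not part of Oracle's documentation: it flags the deprecated server_cert and server_private_key fields in a server configuration and reports a private key file that other local users can access. It assumes the configuration is a JSON object with these fields at the top level; the sample file names are constructed placeholders.

```python
import json
import os
import stat

# Field names from the page: deprecated in Release 22.3, desupported later.
DEPRECATED_FIELDS = ("server_cert", "server_private_key")


def audit_server_config(config_text, check_files=True):
    """Audit a server configuration; return a list of (severity, message)."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [("error", f"configuration is not valid JSON: {exc}")]
    if not isinstance(config, dict):
        return [("error", "configuration root is not a JSON object")]

    findings = []
    present = [f for f in DEPRECATED_FIELDS if f in config]
    for field in present:
        findings.append(("warning", f"'{field}' is deprecated; use a server keystore"))
    if len(present) == 1:
        # The two fields form a pair; one without the other is a misconfiguration.
        findings.append(("error", f"'{present[0]}' is set without its counterpart"))

    key_path = config.get("server_private_key")
    if check_files and isinstance(key_path, str):
        try:
            mode = os.stat(key_path).st_mode
        except OSError as exc:
            findings.append(("error", f"cannot stat private key {key_path}: {exc.strerror}"))
        else:
            # Any permission bit for "other" exposes the key to every local user.
            if mode & stat.S_IRWXO:
                findings.append(("error", f"private key {key_path} is accessible to "
                                          f"other users (mode {stat.S_IMODE(mode):o})"))
    return findings


# Constructed sample; the file names are placeholders, not values from the page.
SAMPLE = json.dumps({"server_cert": "/etc/oracle/graph/example_cert.pem",
                     "server_private_key": "/etc/oracle/graph/example_key.pem"})

if __name__ == "__main__":
    for severity, message in audit_server_config(SAMPLE, check_files=False):
        print(f"{severity}: {message}")
```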
- Using a Self-Signed Server Keystore
  This section describes the steps to generate a self-signed keystore into /etc/oracle/graph and configure the graph server (PGX) and client to use the keystore.
- Using a Self-Signed Server Certificate
  Starting with Graph Server and Client Release 21.1, the RPM file installation generates a self-signed certificate into /etc/oracle/graph, which the server uses to enable TLS by default.