1.4.2 Using a Self-Signed Server Certificate

Starting with Graph Server and Client Release 21.1, the RPM file installation generates a self-signed certificate into /etc/oracle/graph, which the server uses to enable TLS by default.

If self-signed certificates are sufficient for you to get started and if your connections are only to localhost, you can skip to Configuring a Client to Trust the Self-Signed Certificate.

• Generating a Self-Signed Server Certificate
  You can create a self-signed server certificate using the openssl command.
• Configuring the Graph Server (PGX)
  You must specify the path to the server certificate and the server's private key in PEM format in the graph server (PGX) configuration file.
• Configuring a Client to Trust the Self-Signed Certificate
  You must configure your client application to accept the self-signed graph server (PGX) certificate.