Configuring the Graph Server (PGX) When Using a Server Keystore

You must specify the path to the server keystore in the graph server (PGX) configuration file.

Note:

If you deploy the graph server into your web server using the web applications download package, then this section does not apply. Please refer to the manual of your web server for instructions on how to configure TLS.

  1. Edit the file at /etc/oracle/graph/server.conf to specify the server keystore alias, the server keystore provider, the server keystore type and the path to the server keystore as shown:
    {
      "port": 7007,
      "enable_tls": true,
      "enable_client_authentication": false,
      "server_keystore": "/etc/oracle/graph/server_keystore.jks",
      "server_keystore_alias": "pgx",
      "server_keystore_type": "PKCS12",
      "server_keystore_provider": "SUN",
      "ca_certs": [],
      "working_dir": "/opt/oracle/graph/pgx/tmp_data"
    }
  2. Set the keystore password using an OS environment variable called PGX_SERVER_KEYSTORE_PASSWORD or with a Java property called pgx.SERVER_KEYSTORE_PASSWORD.

    For example, to set the keystore password in PGX_SERVER_KEYSTORE_PASSWORD, edit the file at /etc/systemd/system/pgx.service as shown:

    [Service]
    Environment="PGX_SERVER_KEYSTORE_PASSWORD=<keystore_password>"
  3. Reload the systemd configuration by running the following command:
    sudo systemctl daemon-reload
  4. Restart the graph server.

    Note:

    • You should use a certificate issued by a certificate authority (CA) which is trusted by your organization. If you do not have a CA certificate, you can temporarily create a self-signed certificate and get started.
    • Always use a valid certificate trusted by your organization. We do not recommend the usage of self-signed certificates for production environments.
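
A check that can be run before the restart in step 4, as an added example that is not part of the Oracle documentation: it confirms that server.conf enables TLS and names an existing keystore, and flags a unit file that holds PGX_SERVER_KEYSTORE_PASSWORD while being world-readable. The function names, the assumption that server.conf is strict JSON, and the file-mode expectations are choices made for this example; the sample files are constructed in a temporary directory.

```python
import json
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("server_keystore", "server_keystore_alias",
                 "server_keystore_type", "server_keystore_provider")
PASSWORD_VAR = "PGX_SERVER_KEYSTORE_PASSWORD"

def mode_of(path):
    return stat.S_IMODE(Path(path).stat().st_mode)

def check_pgx_tls(conf_path, unit_path):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Assumes server.conf is strict JSON, as in the sample on the page.
    conf = json.loads(Path(conf_path).read_text(encoding="utf-8"))
    if conf.get("enable_tls") is not True:
        findings.append("enable_tls is not true")
    findings += [f"{k} is missing or empty" for k in REQUIRED_KEYS if not conf.get(k)]
    keystore = conf.get("server_keystore")
    if keystore and not Path(keystore).is_file():
        findings.append(f"keystore not found: {keystore}")
    elif keystore and mode_of(keystore) & 0o077:
        findings.append(f"keystore is accessible to group/other: {keystore}")
    # Step 2 stores the keystore password in the unit file in clear text.
    unit_text = Path(unit_path).read_text(encoding="utf-8")
    if PASSWORD_VAR in unit_text and mode_of(unit_path) & 0o004:
        findings.append(f"{PASSWORD_VAR} is set in a world-readable unit file")
    return findings

def demo(unit_mode):
    """Build constructed sample files in a temp dir and check them."""
    with tempfile.TemporaryDirectory() as tmp:
        keystore, conf, unit = (Path(tmp) / n for n in
                                ("server_keystore.jks", "server.conf", "pgx.service"))
        keystore.write_bytes(b"constructed placeholder, not a real keystore")
        keystore.chmod(0o600)
        conf.write_text(json.dumps({
            "port": 7007, "enable_tls": True, "server_keystore": str(keystore),
            "server_keystore_alias": "pgx", "server_keystore_type": "PKCS12",
            "server_keystore_provider": "SUN"}), encoding="utf-8")
        unit.write_text(f'[Service]\nEnvironment="{PASSWORD_VAR}=<keystore_password>"\n',
                        encoding="utf-8")
        unit.chmod(unit_mode)
        return check_pgx_tls(conf, unit)

if __name__ == "__main__":
    print(demo(0o644))  # world-readable unit file
    print(demo(0o600))  # owner-only unit file
```

On a real host, call check_pgx_tls("/etc/oracle/graph/server.conf", "/etc/systemd/system/pgx.service") with enough privilege to read both files.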