14.4.2 Using a Self-Signed Server Certificate
This section describes the steps to generate a self-signed certificate into
/etc/oracle/graph
and configure the graph server (PGX) to
use this certificate.
- Generating a Self-Signed Server Certificate
You can create a self-signed server certificate using theopenssl
command. - Configuring the Graph Server (PGX)
You must specify the path to the server certificate and the server's private key in PEM format in the graph server (PGX) configuration file. - Configuring a Client to Trust the Self-Signed Certificate
You must configure your client application to accept the self-signed graph server (PGX) certificate.
Parent topic: Setting Up Transport Layer Security
14.4.2.1 Generating a Self-Signed Server Certificate
You can create a self-signed server certificate using the openssl
command.
Parent topic: Using a Self-Signed Server Certificate
14.4.2.2 Configuring the Graph Server (PGX)
You must specify the path to the server certificate and the server's private key in PEM format in the graph server (PGX) configuration file.
Note:
If you deploy the graph server into your web server using the web applications download package, then this section does not apply. Please refer to the manual of your web server for instructions on how to configure TLS.Parent topic: Using a Self-Signed Server Certificate
14.4.2.3 Configuring a Client to Trust the Self-Signed Certificate
You must configure your client application to accept the self-signed graph server (PGX) certificate.
- For a Java or a Python client, you must import the root certificate
to all the Java installations used by all the clients.
Note:
The JShell client requires Java 11 or later. - For the Graph Visualization application, you must import the root certificate to the system Java installation of the environment running the graph server (PGX) or the web server serving the graph visualization application. That is, the JDK installation which is used by the OS user running the server that serves the Graph Visualization application.
- For the Graph Zeppelin interpreter client, you must import the root certificate to the Java installation used by the Zeppelin server.
You can import the root certificate as shown in the following step:
Parent topic: Using a Self-Signed Server Certificate