Mike,

Thanks for the link. Given that the Neo4j configuration is limited to
configuring trusted certificates from File sources, it looks like making
that a component property is the best approach.

Regards,
David Handermann

On Wed, Oct 12, 2022 at 6:38 AM Mike Thomsen <mikerthom...@gmail.com> wrote:

> Here's the example from the Neo4J client driver javadoc:
>
>
> https://neo4j.com/docs/api/java-driver/current/org/neo4j/driver/Config.TrustStrategy.html#trustCustomCertificateSignedBy-java.io.File...-
>
> I think creating a custom component for Neo4J is the right move. It's
> the only thing I've seen so far that requires a PEM and is
> incompatible with a JKS or P12 file.
>
> Besides, graph is a fast evolving field so I would assume most graph
> users take it for granted that we might need to break things to keep
> up with their stacks.
>
> On Tue, Oct 11, 2022 at 3:12 PM David Handermann
> <exceptionfact...@apache.org> wrote:
> >
> > Mike,
> >
> > Thanks for raising this issue, can you provide some links to the
> > documentation and source code for Neo4j?
> >
> > Although the SSL Context Service supports direct access to the Keystore and
> > Trust Store properties, most use cases involve having the service
> > instantiate an SSLContext. In this particular case, it may be better to
> > specify those properties directly in a Neo4j component, as opposed to
> > having an SSL Context Service that is essentially passing through property
> > values.
> >
> > Those are a couple initial thoughts, having some additional background
> > would help evaluate the best approach.
> >
> > Regards,
> > David Handermann
> >
> > On Tue, Oct 11, 2022 at 12:36 PM Mike Thomsen <mikerthom...@gmail.com>
> > wrote:
> >
> > > Neo4J for some reason doesn't support the standard Java keystore types
> > > or P12 files for its client SSL configuration. It requires the use of
> > > PEM files. Would it be better to extend the SSLContext service types
> > > to include support for PEM files or create an all new SSL Provider
> > > type that is geared toward only reading from PEM files?
> > >
> > > Thanks,
> > >
> > > Mike
> > >
>
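
Added example, not part of the thread and not NiFi or Neo4j code: since the driver method linked above takes trusted certificates only as File sources, a deployment that already keeps its trust anchors in a JKS or PKCS12 store needs them written out as PEM first. The class name `TrustStoreToPem` and the command-line arguments are hypothetical; only JDK classes are used.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Collections;

/** Added example: export the trusted certificates of a JKS/PKCS12 trust store as one PEM file. */
public class TrustStoreToPem {

    /** Writes every trusted-certificate entry to pemFile and returns how many were written. */
    static int export(Path trustStore, String type, char[] password, Path pemFile)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type); // "JKS" or "PKCS12"
        try (InputStream in = Files.newInputStream(trustStore)) {
            store.load(in, password);
        }
        Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        int written = 0;
        try (Writer out = Files.newBufferedWriter(pemFile, StandardCharsets.US_ASCII)) {
            for (String alias : Collections.list(store.aliases())) {
                // Only trustedCertEntry items are trust anchors; key entries are skipped
                // so no client certificate or private-key material reaches the PEM file.
                if (!store.isCertificateEntry(alias)) continue;
                Certificate cert = store.getCertificate(alias);
                out.write("-----BEGIN CERTIFICATE-----\n");
                out.write(encoder.encodeToString(cert.getEncoded()));
                out.write("\n-----END CERTIFICATE-----\n");
                written++;
            }
        }
        return written;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java TrustStoreToPem <truststore> <JKS|PKCS12> <password> <out.pem>
        int n = export(Path.of(args[0]), args[1], args[2].toCharArray(), Path.of(args[3]));
        if (n == 0) {
            throw new IllegalStateException("No trusted certificate entries found in " + args[0]);
        }
        System.out.println("Wrote " + n + " certificate(s) to " + args[3]);
    }
}
```

The resulting file is the kind of File source that `trustCustomCertificateSignedBy` accepts; it holds only public certificates, but it should still be writable only by the account that manages trust, because anything appended to it becomes a trusted issuer.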
