Resolve TLS certificate errors

TLS encryption is required everywhere. This is a compilation of few errors you can expect while configuring your server. openssl command is required to diagnose or manipulate the certificates. Check the permission on the folder neo4j might run as a… Read more →

Explore:  


Creating and configuring database-local roles

Neo4j 4.0 introduced advanced security features in the form of role-based access controls, much needed, especially with the introduction of multiple database functionality. These controls can be accessed by administrators on the system database, present on every Neo4j instance. The… Read more →

Explore:  


TLS/SSL Configuration for Specific Ciphers

Per documentation: dbms.ssl.policy.<policyname>.ciphers is by default set to the Java platform default allowed cipher suites, which can also be explicitly set to any specific ciphers (separated by “,”) to further restrict list of allowed ciphers, thus enabling us to enforce… Read more →

Explore:  


LDAP Error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When configuring LDAP with certificates you may encounter the following issue: 2018-12-24 08:11:14.788+0000 ERROR [someuser]: failed to log in: invalid principal or credentials (LDAP naming error while attempting to authenticate user.) (neo4j01.test.dom:636) (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to… Read more →

Explore:  


Explanation of error “javax.net.ssl.SSLException: Received fatal alert: certificate_unknown”

When connecting to a Neo4j instance with the Neo4j Browser, the following error may be logged in the $NEO4J_HOME\logs\debug.log 2020-06-20 13:33:13.039-0400 ERROR [o.n.b.t.TransportSelectionHandler] Fatal error occurred when initialising pipeline: [id: 0x59d02719, L:/12.31.54.51:5502 ! R:/192.168.9.5:55140] javax.net.ssl.SSLException: Received fatal alert: certificate_unknown io.netty.handler.codec.DecoderException:… Read more →

Explore: