Enabling TLSv1.2 with IBM JDK9

Neo4j 3.4.0 only supports TLSv1.2 by default. IBM JDK9 uses the TLSv1 protocol by default. When attempting to run cypher-shell, users will be unable to connect to Neo4j. To enable TLSv1.2 in the IBM JDK, set the following JAVA OPT:… Read more →



Explanation of data/log/console.log error of ‘TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked…​’

On bin/neo4j start the data/log/console.log may log an error similar to 2016-01-04 13:32:44.589-0500 INFO Successfully shutdown database 13:33:06.856 [main] DEBUG i.n.u.i.l.InternalLoggerFactory – Using SLF4J as the default logging framework 2016-01-04 13:33:07.437-0500 ERROR Failed to start Neo4j: TLS certificate error occurred, unable… Read more →



TLS/SSL Configuration for Specific Ciphers

Per documentation: dbms.ssl.policy.<policyname>.ciphers is by default set to the Java platform default allowed cipher suites, which can also be explicitly set to any specific ciphers (separated by “,”) to further restrict the list of allowed ciphers, thus enabling us to enforce… Read more →



Creating and configuring database-local roles

Neo4j 4.0 introduced advanced security features in the form of role-based access controls, much needed, especially with the introduction of multiple database functionality. These controls can be accessed by administrators on the system database, present on every Neo4j instance. The… Read more →



Neo4j Docker image cannot run on Kubernetes as non-root user

In Kubernetes (K8S), various levels of security can be set which apply cluster-wide to Pods running containers. One of these is a policy which prevents containers within a Pod from being executed/run as the root user (runAsNonRoot). If this config is… Read more →



Useful Cypher statements for suspending and reactivating users

Commencing with Neo4j 3.1 and the implementation of native database users, it is possible to suspend a user, thus preventing the user from authenticating further. To view all suspended users run the following Cypher call dbms.security.listUsers() yield username, flags with… Read more →



A lightweight approach to testing the Neo4j REST API with Authentication

This article will show examples of how to test the Neo4j REST API for authentication via: Google Chrome Advanced REST Client Linux curl command The Neo4j REST API describes each of the commands you can submit to the Neo4j server. The example… Read more →



How to configure mixed-mode security (native and LDAP) in Neo4j

For environments where you need both LDAP authentication as well as some native user accounts, there is a way to allow this in Neo4j 3.1 and newer. Use the configuration setting dbms.security.auth_providers instead of the singular version dbms.security.auth_provider. This will… Read more →



LDAP Error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

When configuring LDAP with certificates you may encounter the following issue: 2018-12-24 08:11:14.788+0000 ERROR [someuser]: failed to log in: invalid principal or credentials (LDAP naming error while attempting to authenticate user.) (neo4j01.test.dom:636) (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to… Read more →



Explanation of error on session connection using uniform drivers

As described by http://neo4j.com/docs/developer-manual/current/drivers/#_trust, when establishing an encrypted connection, it needs to be verified that the remote peer is who we expected to connect to. The default connection is to ‘Trust on first use’ and to do so indicates that… Read more →



Explanation of error: procedure is not available due to having restricted access rights, check configuration

Commencing with Neo4j 3.2 when running a stored procedure, for example call apoc.warmup.run(); this may error with apoc.warmup.run is not available due to having restricted access rights, check configuration. The cause of this error is as a result of not… Read more →



Neo4j Security Benchmark

Overview: This document, Neo4j Security Benchmark, provides prescriptive guidance for establishing a secure configuration posture for Neo4j Enterprise Edition versions 3.5.0 and higher. This guide was tested against Neo4j 3.5.0 running on Ubuntu Linux 18.04, but applies to other Linux… Read more →



How to set up SSL communication when running Neo4j within a Docker Container

Neo4j 3.2 added a Unified SSL Framework to set up secure connections for Bolt, HTTPS and Intra-Cluster Encryption. Details on this framework can be found at: https://neo4j.com/docs/operations-manual/current/security/ssl-framework/ Setting up secure Bolt and HTTPS communications when running Neo4j within a Docker Container… Read more →
