Configuring SSL Connections

Note:

In this documentation, "SSL" indicates both TLS (Transport Layer Security) and SSL (Secure Sockets Layer). The connector supports industry-standard versions of TLS/SSL.

If you are connecting to a Neo4j server that has SSL enabled, you can configure the connector to connect to an SSL-enabled socket. When connecting to a server over SSL, the connector uses one-way authentication to verify the identity of the server.

You provide the configuration information to the connector in the connection URL. For more information about the syntax of the connection URL, see Building the Connection URL.

To configure an SSL connection:

  1. Set the SSL property to true.
  2. To perform host name verification, set the sslVerifyHostname property to true.
  3. Depending on the trust store strategy you want to use, set the sslTrustStrategy property to one of the following:
    • To trust all certificates, set the property to TRUST_ALL_CERTIFICATES.
    • To trust only certificates that have been signed by a trusted authority, set the property to TRUST_CUSTOM_CA_SIGNED_CERTIFICATES.
    • To use the system trust store certificates, set the property to TRUST_SYSTEM_CA_SIGNED_CERTIFICATES.
  4. If you set the sslTrustStrategy property to TRUST_CUSTOM_CA_SIGNED_CERTIFICATES, set the sslCustomCertPath property to the full path of the TrustStore that you want to use.

For example:

jdbc:neo4j://archimedes:7687/mydata?SSL=true&sslVerifyHostname=true&sslTrustStrategy=TRUST_CUSTOM_CA_SIGNED_CERTIFICATES&sslCustomCertPath=C:\\TrustStore