Neo4j 服务器证书不受信任
Neo4j Server certificate is not trusted
我刚刚在 Google 云上的虚拟机上设置了我的 Neo4j 服务器,我使用的是企业版 4.1.1,并且我已经完成了 post(here) 由 David Allen 关于如何使用 LetsEncrypt 获得证书。
这一切都运行良好,我现在拥有一个完全安全的 Neo4j 服务器,我可以使用我的主机名通过浏览器 (MYDOMAIN.COM:7473/browser) 访问它。但是,我现在无法让我的应用程序使用 javascript 驱动程序连接到服务器。
我不断收到以下错误:
Failed to connect to server. Please ensure that your database is
listening on the correct host and port and that you have compatible
encryption settings both on Neo4j server and driver. Note that the
default encryption setting has changed in Neo4j 4.0. Caused by: Server
certificate is not trusted. If you trust the database you are
connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the
signing certificate, or the server certificate, to the list of
certificates trusted by this driver using neo4j.driver(.., {
trustedCertificates:['path/to/certificate.crt']}). This is a security
measure to protect against man-in-the-middle attacks. If you are just
trying Neo4j out and are not concerned about encryption, simply
disable it using encrypted="ENCRYPTION_OFF" in the driver options.
Socket responded with: ERR_TLS_CERT_ALTNAME_INVALID
我已经通读了驱动程序文档 (here),并且添加了 trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" 和 trustedCertificates:[] 设置。我从我的服务器(cert.pem、chain.pem、完整chain.pem 和 privacy.pem)下载了所有证书,并在 trustedCertificates 设置中链接到它们。
不幸的是,我仍然遇到同样的错误。作为参考,这是我的驱动程序当前的配置方式:
// This module can be used to serve the GraphQL endpoint
// as a lambda function
const { ApolloServer } = require('apollo-server-lambda')
const { makeAugmentedSchema } = require('neo4j-graphql-js')
const neo4j = require('neo4j-driver')
// This module is copied during the build step
// Be sure to run `npm run build`
const { typeDefs } = require('./graphql-schema')
const driver = neo4j.driver(
process.env.NEO4J_URI,
neo4j.auth.basic(
process.env.NEO4J_USER,
process.env.NEO4J_PASSWORD
),
{
encrypted: process.env.NEO4J_ENCRYPTED ? 'ENCRYPTION_ON' : 'ENCRYPTION_OFF',
trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES",
trustedCertificates: ['../../certificates/cert.pem', '../../certificates/chain.pem', '../../certificates/fullchain.pem', '../../certificates/privkey.pem'],
logging: {
level: 'debug',
logger: (level, message) => console.log(level + ' ' + message)
},
}
)
const server = new ApolloServer({
schema: makeAugmentedSchema({ typeDefs }),
context: { driver, neo4jDatabase: process.env.NEO4J_DATABASE },
introspection: true,
playground: true,
})
exports.handler = server.createHandler()
我正在使用最新版本的驱动程序 v2.14.4 并启用了完整日志记录,但我没有得到比上述更多的信息。我只是不知道我做错了什么 - 有人有什么想法吗?
我找到了这个问题的解决方案 - 我查看了文档 (here),发现我需要将我的 NEO4J_URI 从 bolt://SO.ME.IP.ADDRESS:7687 更新到 neo4j://MYDOMAIN.COM:7687.现在我已经完成了这一切都按预期工作。
我刚刚在 Google 云上的虚拟机上设置了我的 Neo4j 服务器,我使用的是企业版 4.1.1,并且我已经完成了 post(here) 由 David Allen 关于如何使用 LetsEncrypt 获得证书。
这一切都运行良好,我现在拥有一个完全安全的 Neo4j 服务器,我可以使用我的主机名通过浏览器 (MYDOMAIN.COM:7473/browser) 访问它。但是,我现在无法让我的应用程序使用 javascript 驱动程序连接到服务器。
我不断收到以下错误:
Failed to connect to server. Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0. Caused by: Server certificate is not trusted. If you trust the database you are connecting to, use TRUST_CUSTOM_CA_SIGNED_CERTIFICATES and add the signing certificate, or the server certificate, to the list of certificates trusted by this driver using neo4j.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This is a security measure to protect against man-in-the-middle attacks. If you are just trying Neo4j out and are not concerned about encryption, simply disable it using encrypted="ENCRYPTION_OFF" in the driver options. Socket responded with: ERR_TLS_CERT_ALTNAME_INVALID
我已经通读了驱动程序文档 (here),并且添加了 trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" 和 trustedCertificates:[] 设置。我从我的服务器(cert.pem、chain.pem、完整chain.pem 和 privacy.pem)下载了所有证书,并在 trustedCertificates 设置中链接到它们。
不幸的是,我仍然遇到同样的错误。作为参考,这是我的驱动程序当前的配置方式:
// This module can be used to serve the GraphQL endpoint
// as a lambda function
const { ApolloServer } = require('apollo-server-lambda')
const { makeAugmentedSchema } = require('neo4j-graphql-js')
const neo4j = require('neo4j-driver')
// This module is copied during the build step
// Be sure to run `npm run build`
const { typeDefs } = require('./graphql-schema')
const driver = neo4j.driver(
process.env.NEO4J_URI,
neo4j.auth.basic(
process.env.NEO4J_USER,
process.env.NEO4J_PASSWORD
),
{
encrypted: process.env.NEO4J_ENCRYPTED ? 'ENCRYPTION_ON' : 'ENCRYPTION_OFF',
trust: "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES",
trustedCertificates: ['../../certificates/cert.pem', '../../certificates/chain.pem', '../../certificates/fullchain.pem', '../../certificates/privkey.pem'],
logging: {
level: 'debug',
logger: (level, message) => console.log(level + ' ' + message)
},
}
)
const server = new ApolloServer({
schema: makeAugmentedSchema({ typeDefs }),
context: { driver, neo4jDatabase: process.env.NEO4J_DATABASE },
introspection: true,
playground: true,
})
exports.handler = server.createHandler()
我正在使用最新版本的驱动程序 v2.14.4 并启用了完整日志记录,但我没有得到比上述更多的信息。我只是不知道我做错了什么 - 有人有什么想法吗?
我找到了这个问题的解决方案 - 我查看了文档 (here),发现我需要将我的 NEO4J_URI 从 bolt://SO.ME.IP.ADDRESS:7687 更新到 neo4j://MYDOMAIN.COM:7687.现在我已经完成了这一切都按预期工作。