如何在Noe4j上启用螺栓协议上的TLS？

Question

我已经将Neo4j配置为在浏览器和bolt协议中使用加密连接bith。我有一个用CA签署的有效证书，浏览器可以很好地访问和运行查询。然后问题出现在通过螺栓协议的cypher shell上。我得到了这个错误：

 cypher-shell --encryption true -d database -a bolt://ip_address:7687 -u user -p password--debug

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 42 more

https和bolt使用相同的证书和私钥。TLS配置为：

# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=neo4j.key
dbms.ssl.policy.bolt.public_certificate=neo4j.crt

# Https SSL configuration                                                                                               dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=neo4j.key
dbms.ssl.policy.https.public_certificate=neo4j.crt

# Bolt connector
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
#dbms.connector.bolt.listen_address=0.0.0.0:7687

# HTTP Connector. There can be zero or one HTTP connectors.                                                             dbms.connector.http.enabled=false
#dbms.connector.http.listen_address=:7474

# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
#dbms.connector.https.listen_address=0.0.0.0:7473

我使用的是Neo4j 4.0.3社区版。

我如何使用螺栓协议来解决这个问题？

Answer 1

使用以下任一选项

cypher-shell -u user -p password --debug -a host --encryption true

或

cypher-shell -u user -p password --debug -a bolt+s://host