Has anybody ever set up SSL in a way that requires a valid cert (not self-signed)? I’m working on securing Neo4J, but self-signed certs don’t appear to work in the cluster (naming issues), and I’d like to find out how people have dealt with certs in the past.
I’ve typically generated a self-signed CA certificate using OpenSSL (along with installing it in the certificate store as trusted on each server). After that, generate server/application-specific certificates with the provided CA using CN attribute(s) that match its DNS, host name, and/or IP address. This would get around the trust and mismatch name errors during certificate validation. Though I don’t have specific knowledge of Neo4J clustering (with SSL), or whether this would solve your issue.
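The private-CA approach from the reply above, sketched with OpenSSL as an added example (not part of the original thread): a CA signs a per-node certificate that carries the node's DNS name and IP in subjectAltName, and the result is checked against those names. The host name, address, file names and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private CA plus a node certificate whose SANs match the
# node's DNS name and IP. All names and addresses are constructed.

make_ca() {  # $1 = working directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -days 365 -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_node_cert() {  # $1 = directory, $2 = DNS name, $3 = IP address
    # Modern TLS clients match names against subjectAltName, so set it.
    printf 'subjectAltName = DNS:%s, IP:%s\n' "$2" "$3" > "$1/$2.ext"
    openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 90 -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if the cert chains to the CA and covers the given name.
check_name() {  # $1 = directory, $2 = cert base name, $3 = host to check
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

check_ip() {  # $1 = directory, $2 = cert base name, $3 = IP to check
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

# Usage (constructed values):
#   d=$(mktemp -d); make_ca "$d"
#   issue_node_cert "$d" core1.example.internal 10.0.0.11
#   check_name "$d" core1.example.internal core1.example.internal
```

A certificate issued this way fails `check_name` for any other cluster member's host name, which is the mismatch error a shared or wrongly named certificate produces.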
I’ve been using Let’s Encrypt for years without issue. You might have to replace the “cert.pem” with the “fullchain.pem” for X3 to work properly under /path_to/neo4j/certificates/