Emphasize the use of --expand-commands when using encrypted private key#3011
Emphasize the use of --expand-commands when using encrypted private key#3011renetapopova wants to merge 3 commits into
Conversation
| @@ -1087,12 +1093,6 @@ To adjust paths to cert and encrypted password file, use full paths: | |||
| dbms.ssl.policy.bolt.private_key_password=$(base64 -w 0 certificate.crt | openssl aes-256-cbc -a -d -in password.enc -pass stdin) | |||
There was a problem hiding this comment.
Two things:
- I think it should be like this for command expansion to work:
dbms.ssl.policy.bolt.private_key_password=$(bash -lc 'base64 -w 0 /path/to/certificate.crt | openssl aes-256-cbc -a -d -in /path/to/password.enc -pass stdin'
- In this example we call out "bolt" in dbms.ssl.policy.bolt.private_key_password specifically but depending on what the user is trying to do it could be either of bolt, https, cluster, backup
There was a problem hiding this comment.
and actually "certificate.crt" does not need to be a certificate, just anything random enough will do.
There was a problem hiding this comment.
Thanks, @JoakimBulow. I added your suggestion. Unfortunately, I don't know enough to comment on what you're suggesting.
There was a problem hiding this comment.
If you think the steps can be simplified or changed to say that a certificate can be anything, could you please make the suggestions in line? Thanks
There was a problem hiding this comment.
@JoakimBulow, could you take a look at my comment above? Thanks!
renetapopova
force-pushed
the
dev-ssl-encrypted-private-key
branch
from
29bacb9 to
6dc494e
Compare
|
This PR includes documentation updates Updated pages: |
3 participants
https://linear.app/neo4j/issue/DOCCORE-236/feedback-ssl-framework