I'm currently developing a graph app for neo4j desktop. From what i figured out, app should be signed with neo4j@code-signer (which utilizes node-forge i presume). It needs a certificate and private key (and password probably).
What i can't figure out is, what kind of certificate is actually needed?
- I signed my app with self-signed certificate which produced a big untrusted warning in neo4j desktop (touche, i should have known).
- I used my ssl key which enabled my HTTPS, but this produced an error in neo4j desktop:
Certificate keyUsage or basicConstraints conflict or indicate that the certificate is not a CA. If the certificate is the only one in the chain or isn't the first then the certificate must be a valid CA.
Both options did produce signature.pem file.
Do i need to buy a Code Signing Certificate for this? If so, standard or EV?
Any help would be greatly appreciated!
Maybe this is going to help somebody: There wasn't any issue with my certificates.
I got an answer from neo4j offical, that they are (at the time being) signing apps internaly, and that there is no automated way to do this (yet).