/ azure

SSL warn while connecting Azure COSMOSDB(Gremlin API) from Gremlin console/driver

Azure Cosmos DB supports Apache Tinkerpop's graph traversal language, Gremlin, which is a Graph API for creating graph entities, and performing graph query operations.

You can Get Started easily following https://docs.microsoft.com/en-us/azure/cosmos-db/graph-introduction

You might experience below warning while connecting your app with COSMOSDB remote server.

WARN  org.apache.tinkerpop.gremlin.driver.Cluster  - SSL configured without a trustCertChainFile and thus trusts all certificates without verification (not suitable for production)

Most of the Providers do provide a root cert that you could use to fix this warning..

You should be able to grab a Baltimore root certificate from below url.. Its valid till 2025..

Convert this downloaded .crt file to .pem file. Mac has built-in keychain Access tool which should help you do it easily…

As you can see in below screenshot.. there is bc2025.crt and also bc2025.pem file for ls output


Below is my sample remote-session.yaml file..

For the first remote connect I have removed trustCertChainFile and it gave me SSL warning.

For the second scenario, I have added trustCertChainFile in it pointing to pem file that we created earlier from crt and haven’t see any warning..

hosts: ["xxxxxx.gremlin.cosmosdb.azure.com"]
port: 443
username: "/dbs/graphdb/colls/Persons"
password: "xxxxxxxxxxxxxxxxxxxxx"
connectionPool: {
  enableSsl: true,
  trustCertChainFile: "/Users/prashanth/workspace/apache-tinkerpop-gremlin-console-3.3.1/bc2025.pem"
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0, config: { serializeResultToString: true }}

I’m sure similar option should exist for other drivers..

For Java App, check for configuration section at below link that has connectionPool.trustCertChainFile

Prashanth Madi

Prashanth Madi

I'm a programmer & Tech enthusiast. I work for OpenSource Support Team at Microsoft, but this blog, its content & opinions are my own. I blog about tech, gadgets, code, where we're going & we've been.

Read More