Automatically trust a Neo4j instance the first time we see it - but fail to connect if its encryption certificate ever changes.
This is similar to the mechanism used in SSH, and protects against man-in-the-middle attacks that occur after the initial setup of your application.
Known Neo4j hosts are recorded in a file,
certFile.
Each time we reconnect to a known host, we verify that its certificate remains the same, guarding against attackers intercepting our communication.
Note that this approach is vulnerable to man-in-the-middle attacks the very first time you connect to a new Neo4j instance.
If you do not trust the network you are connecting over, consider using
#trustCustomCertificateSignedBy(File) signed certificates} instead, or manually adding the
trusted host line into the specified file.