I have found information in Memgraph documentation that "Memgraph contains a self-signed testing certificate"? What does this certificate actually do? If I want to use Docker image only locally on my laptop do I need to replace it?
Does this certificate have an expiration date?
The certificate is generated during the packaging/release process, e.g., on Debian, there is the postinst script (take a look under "# Generate SSL certificates"). The self-signed cert is a "regular" certificate that can be used for, e.g., local testing and testing environments, but it's not signed by any thrust authority. You can even deploy Memgrpah in a "production" environment without changing it, but then the deployment should be protected on a higher level, e.g., placed inside a VPN. If you expose Memgraph so that anyone on the internet can reach it, you should probably obtain a legit certificate.
As you can see in the Debian script, the certificate is valid for 3560 days (10 years) after Memgraph is installed on the system (that applies if you install Memgraph natively on Debian. If you are using Docker, the cert is valid 10 years after the image has been created.
