Michael Smolyak

Reputation: 593

Securing Neo4J with TLS through bolt protocol

Neo4J server configuration allows one to set up a server-side policy to secure both HTTPS and BOLT connections.

In my installation I secured the BOLT connection by setting up a policy with a PEM public and private key and these settings:

dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=REQUIRED
bolt.ssl_policy=my_policy

dbms.ssl.policy.my_policy.base_directory=...
...

The setup works with a browser client. When I connect to the server through HTTPS, I am able to log in using the ":server connect" command and use the Neo4J browser with my server.

What I cannot figure out is how other clients can connect to Neo4J over the secure BOLT protocol. Specifically, I tried connecting from cypher-shell and from a Java client (using Java Driver v1.6). When TLS for BOLT is disabled, both connect without a hitch. Enabling TLS causes a bad_certificate error in both clients.

I tried starting both cypher-shell and my Java client by passing JVM properties pointing to my trust store and key store:

-Djavax.net.ssl.keyStore=...
-Djavax.net.ssl.keyStorePassword=...
-Djavax.net.ssl.trustStore=...
-Djavax.net.ssl.trustStorePassword=...

These properties have no effect on either Neo4J client; I still get a bad_certificate exception.

I tried enabling SSL debugging (-Djavax.net.debug=ssl,handshake). Calling the Java client or cypher-shell with the keystore and truststore parameters has no effect on the SSL debug output.

How do I connect to the server with TLS for BOLT enabled from cypher-shell or a Java client?

Thank you.

Upvotes: 1

Views: 687
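As an added illustration (not part of the question and not the poster's code): with Java Driver 1.x, encryption and certificate trust are set on the driver's own Config object, not through the javax.net.ssl system properties, so an explicit trust strategy is the place to start when the client rejects the server certificate. The host, credentials and certificate path below are placeholders; the certificate file is assumed to be the PEM public certificate served by the Bolt ssl policy (or the CA that signed it).

```java
import java.io.File;
import org.neo4j.driver.v1.AuthTokens;
import org.neo4j.driver.v1.Config;
import org.neo4j.driver.v1.Driver;
import org.neo4j.driver.v1.GraphDatabase;
import org.neo4j.driver.v1.Session;
import org.neo4j.driver.v1.StatementResult;

public class BoltTlsClient {

    // Assumed placeholder: the PEM certificate the server's Bolt ssl policy presents
    // (or the issuing CA certificate), copied from the policy's base_directory.
    private static final File SERVER_CERT = new File("/path/to/my_policy/public.crt");

    public static Driver connect(String uri, String user, String password) {
        Config config = Config.build()
                // Require TLS on the Bolt connection; the client refuses plaintext too.
                .withEncryption()
                // Trust only certificates signed by (or identical to) SERVER_CERT instead of
                // relying on the JVM default trust store. For a server certificate issued by a
                // public or corporate CA already in the system store, use
                // Config.TrustStrategy.trustSystemCertificates() instead.
                .withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(SERVER_CERT))
                .toConfig();
        return GraphDatabase.driver(uri, AuthTokens.basic(user, password), config);
    }

    public static void main(String[] args) {
        // Placeholder endpoint and credentials; a failed handshake surfaces here as a
        // ServiceUnavailableException wrapping the TLS alert.
        try (Driver driver = connect("bolt://localhost:7687", "neo4j", "secret");
             Session session = driver.session()) {
            StatementResult result = session.run("RETURN 1 AS ok");
            System.out.println("TLS Bolt session works: " + result.single().get("ok").asInt());
        }
    }
}
```

Running with -Djavax.net.debug=ssl,handshake still shows the handshake, but the trusted certificates listed come from the Config above rather than from any -Djavax.net.ssl.trustStore setting.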

Answers (0)
