I'm having a problem with my certificates when updating from Neo4j 2.3.1 to Neo4j 3.0.3 on Windows. According to both the 2.3.1 and 3.0.3 documentation:

Neo4j also supports chained SSL certificates. This requires to have all certificates in PEM format combined in one file and the private key needs to be in DER format.

I've done pretty much the same as this question and that got it working in 2.3.1. When I try to use them in 3.0.3 I have no luck and get an error on startup.

They are called neo4j.cert and neo4j.key and are located in the certificates folder as required.

A similar problem I found has already been reported here; however, I'm on a Windows server and I actually need certificates that are not self-signed.

The error I get is:

2016-08-17 01:11:19.095+0000 INFO  Starting...
2016-08-17 01:11:19.548+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@6a32213c' was successfully initialized, but failed to start. Please see attached cause exception. Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@6a32213c' was successfully initialized, but failed to start. Please see attached cause exception.
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@6a32213c' was successfully initialized, but failed to start. Please see attached cause exception.
  at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:68)
  at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:217)
  at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:87)
  at org.neo4j.server.BlockingBootstrapper.start(BlockingBootstrapper.java:43)
  at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:66)
  at org.neo4j.server.CommunityEntryPoint.start(CommunityEntryPoint.java:38)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabase@6a32213c' was successfully initialized, but failed to start. Please see attached cause exception.
  at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:444)
  at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:107)
  at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:189)
  ... 4 more
Caused by: java.lang.RuntimeException: Error starting org.neo4j.kernel.impl.factory.CommunityFacadeFactory, Y:\neo4j\data\databases\ram.db
  at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.newFacade(GraphDatabaseFacadeFactory.java:144)
  at org.neo4j.kernel.impl.factory.CommunityFacadeFactory.newFacade(CommunityFacadeFactory.java:40)
  at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.newFacade(GraphDatabaseFacadeFactory.java:108)
  at org.neo4j.server.CommunityNeoServer.lambda$static$31(CommunityNeoServer.java:55)
  at org.neo4j.server.database.LifecycleManagingDatabase.start(LifecycleManagingDatabase.java:89)
  at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:434)
  ... 6 more
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.kernel.extension.KernelExtensions@1040a217' failed to initialize. Please see attached cause exception.
  at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:416)
  at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:62)
  at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:98)
  at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.newFacade(GraphDatabaseFacadeFactory.java:140)
  ... 11 more
Caused by: java.lang.RuntimeException: Failed to initilize SSL encryption support, which is required to start this connector. Error was: failed to initialize the server-side SSL context
  at org.neo4j.bolt.BoltKernelExtension.createSslContext(BoltKernelExtension.java:205)
  at org.neo4j.bolt.BoltKernelExtension.lambda$newInstance$14(BoltKernelExtension.java:166)
  at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
  at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
  at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
  at java.util.ArrayList.forEach(ArrayList.java:1249)
  at java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:390)
  at java.util.stream.DistinctOps$1$2.end(DistinctOps.java:168)
  at java.util.stream.Sink$ChainedReference.end(Sink.java:258)
  at java.util.stream.Sink$ChainedReference.end(Sink.java:258)
  at java.util.stream.Sink$ChainedReference.end(Sink.java:258)
  at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
  at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
  at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
  at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
  at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
  at org.neo4j.bolt.BoltKernelExtension.newInstance(BoltKernelExtension.java:178)
  at org.neo4j.bolt.BoltKernelExtension.newInstance(BoltKernelExtension.java:83)
  at org.neo4j.kernel.extension.KernelExtensions.init(KernelExtensions.java:69)
  at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:406)
  ... 14 more
Caused by: javax.net.ssl.SSLException: failed to initialize the server-side SSL context
  at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:222)
  at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:161)
  at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:399)
  at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:207)
  at org.neo4j.bolt.BoltKernelExtension.createSslContext(BoltKernelExtension.java:200)
  ... 33 more
Caused by: java.security.KeyException: found no private key: Y:\neo4j\certificates\neo4j.key
  at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:99)
  at io.netty.handler.ssl.SslContext.buildKeyStore(SslContext.java:890)
  at io.netty.handler.ssl.JdkSslContext.buildKeyManagerFactory(JdkSslContext.java:313)
  at io.netty.handler.ssl.JdkSslContext.buildKeyManagerFactory(JdkSslContext.java:291)
  at io.netty.handler.ssl.JdkSslServerContext.<init>(JdkSslServerContext.java:205)
  ... 37 more
Carlipoot

1 Answer

Okay, so there were two reasons why this error seems to have occurred.

  • The key was encrypted
  • The key was in DER format

Even though the documentation requires the key in DER format it seems Neo4j 3.0.3 prefers PEM.

Here is the method used:

  • Generate key and certificate using:
    • openssl genrsa -out neo4j.key 4096
    • openssl req -new -key neo4j.key -out server.csr
  • Get certificate signed by CA as PEM Base64
  • Append other certificates in the chain
  • Rename certificate file to neo4j.cert

Now you just add the files into the certificates folder and start the server.

Carlipoot
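
An added example, not part of the original answer: a Python check that sorts a key file into the states the answer names (DER, encrypted PEM, unencrypted PEM) before it is copied into the certificates folder. The sample inputs are constructed placeholders rather than real keys, and `classify_key` and `usable_per_answer` are hypothetical helper names.

```python
import base64
import re

# PEM armor: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def classify_key(data: bytes) -> dict:
    """Report the encoding and encryption state of a private key file."""
    m = PEM_RE.search(data)
    if m:
        label, body = m.group(1).decode(), m.group(2)
        encrypted = (
            label == "ENCRYPTED PRIVATE KEY"        # encrypted PKCS#8
            or b"Proc-Type: 4,ENCRYPTED" in body    # traditional OpenSSL encryption
        )
        return {"encoding": "PEM", "label": label, "encrypted": encrypted}
    if data[:1] == b"\x30":
        # Bare ASN.1 SEQUENCE tag with no armor: binary DER.
        return {"encoding": "DER", "label": None, "encrypted": None}
    return {"encoding": "unknown", "label": None, "encrypted": None}


def usable_per_answer(data: bytes) -> bool:
    """True only for the state the answer ended with: an unencrypted PEM key."""
    info = classify_key(data)
    return (info["encoding"] == "PEM"
            and info["label"].endswith("PRIVATE KEY")
            and info["encrypted"] is False)


# Constructed placeholder bytes, not a real key: only the framing matters here.
_FAKE_DER = b"\x30\x82\x01\x00" + bytes(60)
_B64 = base64.encodebytes(_FAKE_DER)
SAMPLES = {
    "der": _FAKE_DER,
    "plain_pem": b"-----BEGIN RSA PRIVATE KEY-----\n" + _B64
                 + b"-----END RSA PRIVATE KEY-----\n",
    "encrypted_pem": b"-----BEGIN RSA PRIVATE KEY-----\n"
                     b"Proc-Type: 4,ENCRYPTED\n"
                     b"DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                     + _B64 + b"-----END RSA PRIVATE KEY-----\n",
    "encrypted_pkcs8": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + _B64
                       + b"-----END ENCRYPTED PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_key(blob), "usable:", usable_per_answer(blob))
```

To check a real file, pass its bytes, for example `classify_key(open(path, "rb").read())`.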