This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

"Empty Password" error: Neo4j Desktop SSL

Go to solution
Harrolee
Node Link

‎04-14-2020 07:56 PM

I get some exceptions after following SSL Neo4j guide.

I generated an RSA private key in ppk format with puttygen. I converted the key to pem format and saved it as "private.key" in the certficates/bolt directory. I suspect this is the process that I messed up.

The logs start with "password empty".
A telling line is:

Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key

Would someone help me learn what these errors mean?
The full logs are below. Thank you for reading!

Version 4.03

2020-04-15 02:29:40.385+0000 INFO  ======== Neo4j 4.0.3 ========
2020-04-15 02:29:40.393+0000 INFO  Starting...
2020-04-15 02:29:42.280+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty". Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:45)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:164)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:114)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:89)
	at com.neo4j.server.enterprise.EnterpriseEntryPoint.main(EnterpriseEntryPoint.java:25)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:465)
	at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:157)
	... 3 more
Caused by: java.lang.RuntimeException: Failed to load private key: C:\Users\Lee\.Neo4jDesktop\neo4jDatabases\database-9ba29752-2e5c-4af7-9215-82d8feb4e023\installation-4.0.3\certificates\bolt\private.key
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:289)
	at org.neo4j.ssl.config.SslPolicyLoader.pemKeyAndChain(SslPolicyLoader.java:219)
	at org.neo4j.ssl.config.SslPolicyLoader.createSslPolicy(SslPolicyLoader.java:162)
	at org.neo4j.ssl.config.SslPolicyLoader.addPolicy(SslPolicyLoader.java:143)
	at java.base/java.util.HashMap$Values.forEach(HashMap.java:976)
	at org.neo4j.ssl.config.SslPolicyLoader.load(SslPolicyLoader.java:133)
	at org.neo4j.ssl.config.SslPolicyLoader.create(SslPolicyLoader.java:96)
	at org.neo4j.graphdb.factory.module.edition.CommunityEditionModule.<init>(CommunityEditionModule.java:110)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:114)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:109)
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:118)
	at com.neo4j.server.database.EnterpriseGraphFactory.newDatabaseManagementService(EnterpriseGraphFactory.java:38)
	at org.neo4j.server.database.LifecycleManagingDatabaseService.start(LifecycleManagingDatabaseService.java:88)
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:444)
	... 5 more
Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
	at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
	at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
	at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
	at org.neo4j.ssl.PkiUtils.loadPrivateKey(PkiUtils.java:114)
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:284)
	... 18 more
Caused by: java.security.spec.InvalidKeySpecException: Could not generate secret key
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:355)
	... 24 more
Caused by: java.lang.IllegalArgumentException: password empty
	at org.bouncycastle.jcajce.provider.symmetric.OpenSSLPBKDF$PBKDF.engineGenerateSecret(Unknown Source)
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:344)
	... 24 more
2020-04-15 02:29:42.283+0000 INFO  Neo4j Server shutdown initiated by request
Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Harrolee
Node Link

‎04-19-2020 10:09 AM

"Empty Password" means that I did not supply a password for the certificate.
I set a password in the config file. Find the config file like so:

1, Click the ellipses on the top right corner of Graph
2X_1_125a759e9a50f0b9812fcd7836ed40daf0cc104e.png
2. click manage
3. click the settings tab
4. you can also find the config file for the db in its installation path.

Within the config file--

  1. ctrl f "Bolt SSL configuration"
  2. add the line "dbms.ssl.policy.bolt.private_key_password="

Clearly, I don't know much about TLS/SSL.
Reading this free book helped me out: https://www.feistyduck.com/library/openssl-cookbook/

Puttygen can generate a private key but it cannot create a certificate or sign it.
OpenSSL can do everything you could need to do with SSL.

View solution in original post

0 Kudos
Reply
1 REPLY 1

Go to solution
Harrolee
Node Link

‎04-19-2020 10:09 AM

"Empty Password" means that I did not supply a password for the certificate.
I set a password in the config file. Find the config file like so:

1, Click the ellipses on the top right corner of Graph
2X_1_125a759e9a50f0b9812fcd7836ed40daf0cc104e.png
2. click manage
3. click the settings tab
4. you can also find the config file for the db in its installation path.

Within the config file--

  1. ctrl f "Bolt SSL configuration"
  2. add the line "dbms.ssl.policy.bolt.private_key_password="

Clearly, I don't know much about TLS/SSL.
Reading this free book helped me out: https://www.feistyduck.com/library/openssl-cookbook/

Puttygen can generate a private key but it cannot create a certificate or sign it.
OpenSSL can do everything you could need to do with SSL.

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays