
"Empty Password" error: Neo4j Desktop SSL

Harrolee
Node Link

I get some exceptions after following the SSL Neo4j guide.

I generated an RSA private key in ppk format with puttygen. I converted the key to pem format and saved it as "private.key" in the certificates/bolt directory. I suspect this is the process that I messed up.

The logs start with "password empty".
A telling line is:

Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key

Would someone help me learn what these errors mean?
The full logs are below. Thank you for reading!

Version 4.03

2020-04-15 02:29:40.385+0000 INFO  ======== Neo4j 4.0.3 ========
2020-04-15 02:29:40.393+0000 INFO  Starting...
2020-04-15 02:29:42.280+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty". Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:45)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:164)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:114)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:89)
	at com.neo4j.server.enterprise.EnterpriseEntryPoint.main(EnterpriseEntryPoint.java:25)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:465)
	at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:157)
	... 3 more
Caused by: java.lang.RuntimeException: Failed to load private key: C:\Users\Lee\.Neo4jDesktop\neo4jDatabases\database-9ba29752-2e5c-4af7-9215-82d8feb4e023\installation-4.0.3\certificates\bolt\private.key
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:289)
	at org.neo4j.ssl.config.SslPolicyLoader.pemKeyAndChain(SslPolicyLoader.java:219)
	at org.neo4j.ssl.config.SslPolicyLoader.createSslPolicy(SslPolicyLoader.java:162)
	at org.neo4j.ssl.config.SslPolicyLoader.addPolicy(SslPolicyLoader.java:143)
	at java.base/java.util.HashMap$Values.forEach(HashMap.java:976)
	at org.neo4j.ssl.config.SslPolicyLoader.load(SslPolicyLoader.java:133)
	at org.neo4j.ssl.config.SslPolicyLoader.create(SslPolicyLoader.java:96)
	at org.neo4j.graphdb.factory.module.edition.CommunityEditionModule.<init>(CommunityEditionModule.java:110)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:114)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:109)
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:118)
	at com.neo4j.server.database.EnterpriseGraphFactory.newDatabaseManagementService(EnterpriseGraphFactory.java:38)
	at org.neo4j.server.database.LifecycleManagingDatabaseService.start(LifecycleManagingDatabaseService.java:88)
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:444)
	... 5 more
Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
	at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
	at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
	at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
	at org.neo4j.ssl.PkiUtils.loadPrivateKey(PkiUtils.java:114)
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:284)
	... 18 more
Caused by: java.security.spec.InvalidKeySpecException: Could not generate secret key
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:355)
	... 24 more
Caused by: java.lang.IllegalArgumentException: password empty
	at org.bouncycastle.jcajce.provider.symmetric.OpenSSLPBKDF$PBKDF.engineGenerateSecret(Unknown Source)
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:344)
	... 24 more
2020-04-15 02:29:42.283+0000 INFO  Neo4j Server shutdown initiated by request
1 ACCEPTED SOLUTION

Harrolee
Node Link

"Empty Password" means that I did not supply a password for the certificate.
I set a password in the config file. Find the config file like so:

1. Click the ellipsis on the top right corner of Graph
2. Click manage
3. Click the settings tab
4. You can also find the config file for the db in its installation path.

Within the config file:

  1. Ctrl+F "Bolt SSL configuration"
  2. Add the line "dbms.ssl.policy.bolt.private_key_password="

Clearly, I don't know much about TLS/SSL.
Reading this free book helped me out: https://www.feistyduck.com/library/openssl-cookbook/

Puttygen can generate a private key but it cannot create a certificate or sign it.
OpenSSL can do everything you could need to do with SSL.
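
An added example, not part of the original post and not Neo4j's own code: a pre-start check that reports when the key file is passphrase-protected but the config has no value for dbms.ssl.policy.bolt.private_key_password, which is the state the "password empty" trace above ends in. The sample key and config text are constructed (the key body is a dummy), and the function names are hypothetical.

```python
import re

# Constructed samples: dummy base64 body, not real key material.
SAMPLE_ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

ZHVtbXkgYm9keSwgbm90IGEgcmVhbCBrZXk=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nZHVtbXk=\n-----END PRIVATE KEY-----\n"
SAMPLE_CONF = "# Bolt SSL configuration\n#dbms.ssl.policy.bolt.private_key_password=\n"
PASSWORD_KEY = "dbms.ssl.policy.bolt.private_key_password"  # setting named in the post

def pem_key_encryption(text):
    """Classify a key file by its headers only; nothing is decrypted."""
    if text.startswith("PuTTY-User-Key-File-"):
        return "putty-ppk"  # still in PuTTY's own format, not PEM
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----", text)
    if not m:
        return "not-a-key"
    if m.group(1) == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    # Traditional OpenSSL encryption is marked by a Proc-Type header.
    if re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", text, re.M):
        return "openssl-legacy-encrypted"
    return "unencrypted"

def configured_password(conf_text, key=PASSWORD_KEY):
    """Return the value set for key, or None if it is absent or commented out."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip() == key:
            return value.strip()
    return None

def check(key_text, conf_text):
    kind = pem_key_encryption(key_text)
    if kind in ("putty-ppk", "not-a-key"):
        return "key file is not a PEM private key (" + kind + ")"
    encrypted = kind in ("pkcs8-encrypted", "openssl-legacy-encrypted")
    has_password = bool(configured_password(conf_text))  # empty value counts as missing
    if encrypted and not has_password:
        return "key is encrypted but no password is configured"
    if has_password and not encrypted:
        return "password is configured but key is not encrypted"
    return "ok"
```

To run it against a real installation, read `private.key` and the database's config file as text and pass both strings to `check`.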
