05-15-2019 08:24 AM
I'm trying to enable CA-signed certificates on the Neo4j server; however, I'm getting the error below.
2019-05-15 15:15:57.981+0000 WARN The 'dbms.ssl.policy.default_policy.client_auth' setting is specified more than once. Settings only be specified once, to avoid ambiguity. The setting value that will be used is 'NONE'.
2019-05-15 15:15:58.002+0000 INFO ======== Neo4j 3.5.4 ========
2019-05-15 15:15:58.008+0000 INFO Starting...
2019-05-15 15:15:58.594+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@66ea810' was successfully initialized, but failed to start. Please see the attached cause exception "IOException : DerInputStream.getLength(): lengthTag=56, too big.". Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@66ea810' was successfully initialized, but failed to start. Please see the attached cause exception "IOException : DerInputStream.getLength(): lengthTag=56, too big.".
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@66ea810' was successfully initialized, but failed to start. Please see the attached cause exception "IOException : DerInputStream.getLength(): lengthTag=56, too big.".
at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:45)
at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:187)
at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:123)
at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:90)
at com.neo4j.server.enterprise.CommercialEntryPoint.main(CommercialEntryPoint.java:22)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabase@66ea810' was successfully initialized, but failed to start. Please see the attached cause exception "IOException : DerInputStream.getLength(): lengthTag=56, too big.".
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:473)
at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:180)
... 3 more
Caused by: java.lang.RuntimeException: Failed to load private key: /opt/neo4j-enterprise/certificates/default_policy/neo.key
at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:321)
at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.load(SslPolicyLoader.java:206)
at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.create(SslPolicyLoader.java:99)
at org.neo4j.graphdb.factory.module.edition.CommunityEditionModule.<init>(CommunityEditionModule.java:98)
at org.neo4j.kernel.impl.enterprise.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:55)
at com.neo4j.commercial.edition.CommercialEditionModule.<init>(CommercialEditionModule.java:48)
at org.neo4j.graphdb.facade.GraphDatabaseFacadeFactory.initFacade(GraphDatabaseFacadeFactory.java:179)
at com.neo4j.commercial.edition.CommercialGraphDatabase.<init>(CommercialGraphDatabase.java:20)
at com.neo4j.server.database.CommercialGraphFactory.newGraphDatabase(CommercialGraphFactory.java:40)
at org.neo4j.server.database.LifecycleManagingDatabase.start(LifecycleManagingDatabase.java:90)
at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:452)
... 5 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at org.neo4j.ssl.PkiUtils.loadPrivateKey(PkiUtils.java:211)
at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:317)
... 15 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=56, too big.
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at org.neo4j.ssl.PkiUtils.loadPrivateKey(PkiUtils.java:207)
... 16 more
Caused by: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=56, too big.
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 18 more
2019-05-15 15:15:58.596+0000 INFO Neo4j Server shutdown initiated by request
Below is my conf file setting
dbms.ssl.policy.default_policy.base_directory=/opt/neo4j-enterprise/certificates/default_policy
dbms.ssl.policy.default_policy.client_auth=NONE
dbms.ssl.policy.default_policy.allow_key_generation=false
dbms.ssl.policy.default_policy.trust_all=false
dbms.ssl.policy.default_policy.private_key=/opt/neo4j-enterprise/certificates/default_policy/neo.key
dbms.ssl.policy.default_policy.public_certificate=/opt/neo4j-enterprise/certificates/default_policy/ServerCertificate.crt
dbms.ssl.policy.default_policy.trusted_dir=/opt/neo4j-enterprise/certificates/default_policy/trusted
dbms.ssl.policy.default_policy.revoked_dir=/opt/neo4j-enterprise/certificates/default_policy/revoked
dbms.ssl.policy.default_policy.client_auth=optional
05-15-2019 11:05 AM
I usually see this error when the encoding of your certificate is wrong. I believe you need a JKS format key, check these docs:
https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html
What steps to actually take will depend on where you got your cert and what format it's in now.
05-16-2019 04:53 AM
Thanks for the response
We provided .crt and .key files with the below command to the 3rd party certificate generator.
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
In response we have received the signed certificate .crt files (chain.crt and server.crt).
Earlier, I tested with a self-signed crt file and it did work. Not sure where I'm going wrong.
Update:
I have managed to start the Neo4j node with the certificates after converting the .key file to DER format. However, I'm still not able to access the 7473 port.
172.XX.XX.XX sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
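Added example, not part of the original posts and not Neo4j code: the trace above fails inside Java's PKCS8Key.decode, and `openssl genrsa -des3` writes a passphrase-encrypted key, so this standard-library check reports which container a key file actually uses before it is handed to the server. The function names are hypothetical and the sample inputs are constructed skeletons with no real key material; it also recognises traditional EC keys, which the thread does not use.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length byte 0x%02x" % length)
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def classify_der(der):
    """Name the private-key structure from the tags of its first two fields."""
    try:
        tag, start, _ = _tlv(der, 0)
        first_tag, _, first_end = _tlv(der, start)
        if tag != 0x30 or first_tag not in (0x02, 0x30):
            return "unknown"
        if first_tag == 0x30:               # EncryptedPrivateKeyInfo: algorithm comes first
            return "PKCS#8 encrypted"
        second_tag = _tlv(der, first_end)[0]
    except (ValueError, IndexError) as exc:
        return "not parseable as DER (%s)" % exc
    return {0x30: "PKCS#8 unencrypted",     # INTEGER version, then AlgorithmIdentifier
            0x02: "PKCS#1 RSA",             # INTEGER version, then modulus INTEGER
            0x04: "SEC1 EC"}.get(second_tag, "unknown")

def classify_key(data):
    """Classify a private-key file given as bytes (PEM text or raw DER)."""
    m = PEM_RE.search(data.decode("latin-1"))
    if not m:
        return "DER: " + classify_der(data)
    label, body = m.groups()
    if "Proc-Type: 4,ENCRYPTED" in body:    # legacy passphrase-protected PEM headers
        return "PEM %s: passphrase-encrypted" % label
    try:
        return "PEM %s: %s" % (label, classify_der(base64.b64decode("".join(body.split()))))
    except ValueError:
        return "PEM %s: body is not valid base64" % label

# Constructed samples: legacy encrypted PEM headers, and a PKCS#8 skeleton with a dummy key
LEGACY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          b"DEK-Info: DES-EDE3-CBC,0011223344556677\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
PKCS8 = bytes.fromhex("3016020100300d06092a864886f70d01010105000402aabb")
```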
09-04-2020 01:03 AM
Hi,
Did you manage to get this to work? I'm having the same issue as you
Thanks,
Nick