Hi Stefan, When attempting the first part of step 2, I seem to be having an issue with the -outform parameter, and looking at the options for pcks12, it doesn't appear to exist.
Might there be something I'm doing wrong, or is there another option you are aware of? Thanks! Pete On Tuesday, August 13, 2013 at 9:39:42 AM UTC-4, Stefan Armbruster wrote: > You should use PEM format for certificates and DER for the key. In > case of chained certificates (supported starting with Neo4j 1.9.2) you > can aggregate all the certs into one cert file. > > So I'd try: > 1) openssl pkcs12 -in Wildcard_evosoft.com_bis_2017.pfx -clcerts > -nokeys -out Wildcard_evosoft.com_bis_2017.cert > Using an editor strip off anything before -----BEGIN CERTIFICATE----- > in this file > > 2) openssl pkcs12 -in Wildcard_evosoft.com_bis_2017.pfx -nodes > -nocerts -outform der -out temp.key > openssl rsa -in temp.key -outform der -out > Wildcard_evosoft.com_bis_2017.key > > Also make sure org.neo4j.server.webserver.https config params point to > the right files. > If this does not work check data/log/console.log and > data/log/neo4j.0.0.log for errors. > > Cheers, > Stefan > > 2013/8/13 Evoboy <[email protected] <javascript:>>: > > Hi Group, > > > > We convert a windows .pfx file to .cert and .key with OpenSSL > > > > > > > > · openssl pkcs12 -in Wildcard_evosoft.com_bis_2017.pfx -clcerts > > -nokeys -out Wildcard_evosoft.com_bis_2017.cert > > · openssl pkcs12 -in Wildcard_evosoft.com_bis_2017.pfx -nocerts > > -nodes -out Wildcard_evosoft.com_bis_2017.key > > > > > > > > When we use the new ssl-files don’t´ start the neo4j-server > > > > > > > > # https port (for all data, administrative, and UI access) > > > > > > > > org.neo4j.server.webserver.https.port=7473 > > > > > > > > # Certificate location (auto generated if the file does not exist) > > > > org.neo4j.server.webserver.https.cert.location=conf/ssl/new.crt > > > > > > > > # Private key location (auto generated if the file does not exist) > > > > org.neo4j.server.webserver.https.key.location=conf/ssl/new.key > > > > > > > > # Internally generated keystore (don't try to put your own > > > > # keystore there, it will get deleted when the server starts) > > > > org.neo4j.server.webserver.https.keystore.location=data/keystore > > > > > > ??? > > > > > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Neo4j" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- You received this message because you are subscribed to the Google Groups "Neo4j" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
