I'm having trouble getting neo4j to work with my own SSL certificates (this is both on Windows and Linux). When attempting to start the server, it sits at log entry "Enabling HTTPS on port :7473" for around 7 seconds and then terminates with no error message. So, I'm not sure if there is a problem with the format of the certificates I’m dealing with vs what neo4j expects. If I use neo4j's SslCertificateFactory.java code to create a self-signed certificate, that also works. But when I use my company's certs or one I create via keytool (as below), the server never starts. Here is an example of some testing I did recently with a self-signed certificate generated via keytool that does not work. I thought I read somewhere that neo4j expects certs to be in "der" format, which is what I did below.
I am more used to configuring SSL in jetty (for example) where I simply list in jetty.xml file the keystore path and password, as opposed to including the individual certificates as separate files as neo4j appears to require. Any help resolving this problem would be appreciated.

Sample steps I followed to create certs that did not work are as follows:

*** create keys and keystore
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

*** export certificate from keystore
keytool -export -alias selfsigned -file test.cert -keystore keystore.jks

*** export private key from keystore
keytool -v -importkeystore -srckeystore keystore.jks -srcalias selfsigned -destkeystore test.p12 -deststoretype PKCS12
openssl pkcs12 -in test.p12 -out test.pem
openssl x509 -outform der -in test.pem -out test.key

**** changed relevant lines in neo4j-server.properties
# Certificate location (auto generated if the file does not exist)
#org.neo4j.server.webserver.https.cert.location=conf/ssl/snakeoil.cert
org.neo4j.server.webserver.https.cert.location=E:/CERTS/test.cert

# Private key location (auto generated if the file does not exist)
#org.neo4j.server.webserver.https.key.location=conf/ssl/snakeoil.key
org.neo4j.server.webserver.https.key.location=E:/CERTS/test.key

# Internally generated keystore (don't try to put your own
# keystore there, it will get deleted when the server starts)
org.neo4j.server.webserver.https.keystore.location=data/keystore

When starting neo4j server, the following log entries appear. It sits at "Enabling HTTPS on port :7473" step for 7 seconds and then server terminates (and no error message appears on screen or in any log file).

2015-05-16 00:28:11.203+0000 INFO [API] Setting startup timeout to: 120000ms based on 120000
2015-05-16 00:28:13.658+0000 INFO [API] Successfully started database
2015-05-16 00:28:13.696+0000 INFO [API] Starting HTTP on port :7474 with 4 threads available
2015-05-16 00:28:13.840+0000 INFO [API] Enabling HTTPS on port :7473
May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper launchAsConsoleApp
INFO: Params
May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper launchAsConsoleApp
INFO: -Dorg.neo4j.server.properties="conf/neo4j-server.properties"
...
...
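
Added example, not part of the original post and not Neo4j's code: a standard-library Python check that reports whether a file is PEM or DER and whether its ASN.1 shape is an X.509 certificate or a private key, for confirming what each keytool/openssl step above actually wrote (`openssl x509 -outform der` emits a certificate). The function names and the sample byte strings are constructed for illustration.

```python
import re

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def child_tags(value):                      # tags of the elements directly inside a SEQUENCE
    tags, pos = [], 0
    while pos < len(value):
        tag, _, pos = read_tlv(value, pos)
        tags.append(tag)
    return tags

def classify(data):
    """Name the encoding and ASN.1 shape of a certificate or key file."""
    labels = re.findall(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if labels:
        return "PEM: " + ", ".join(x.decode() for x in labels)
    try:
        tag, body, _ = read_tlv(data)
        tags = child_tags(body) if tag == 0x30 else []
    except (ValueError, IndexError):
        return "unknown"
    if tags == [0x30, 0x30, 0x03]:          # tbsCertificate, signatureAlgorithm, signature
        return "DER X.509 certificate"
    if tags[:3] == [0x02, 0x30, 0x04]:      # version, algorithm, OCTET STRING holding the key
        return "DER PKCS#8 private key"
    if len(tags) >= 9 and set(tags) == {0x02}:   # PKCS#1 RSAPrivateKey: nine INTEGERs
        return "DER PKCS#1 RSA private key"
    return "unknown"

def tlv(tag, value=b""):                    # DER encoder, used only to build the samples
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

# Constructed skeletons with the right ASN.1 shape (not real keys or certificates).
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05))
CERT_DER = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01")) + ALG + tlv(0x03, b"\x00" * 129))
PKCS8_DER = tlv(0x30, tlv(0x02, b"\x00") + ALG + tlv(0x04, b"\x00" * 140))
PKCS12_PEM = b"-----BEGIN CERTIFICATE-----\n...\n-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
```

Running `classify(open(path, "rb").read())` on each file named in neo4j-server.properties shows whether the file configured as the key really holds a private key.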
