Dan,
following your procedure I get in data/graph.db/messages.log:
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:350) ~[na:1.7.0_80]
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[na:1.7.0_80]
    at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91) ~[na:1.7.0_80]
    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75) ~[na:1.7.0_80]
    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316) ~[na:1.7.0_80]
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213) ~[na:1.7.0_80]
Don't yet understand what this means, but looks like the format of the
keyfile is wrong.
Some years ago I added support for chained certificates, see my
reply on http://stackoverflow.com/questions/29481750/neo4j-certificate-chain.
Maybe that helps.
Cheers,
Stefan
2015-05-16 3:00 GMT+02:00 Dan <[email protected]>:
> I'm having trouble getting neo4j to work with my own SSL certificates (this
> is both on Windows and Linux). When attempting to start server it sits at
> log entry "Enabling HTTPS on port :7473" for around 7 seconds and then
> terminates with no error message.
>
> So, I'm not sure if there is a problem with the format of the certificates
> I’m dealing with vs what neo4j expects. If I use neo4j's
> SslCertificateFactory.java code to create a self signed certificate that also
> works. But when I use my company's certs or one I create via keytool (as
> below), the server never starts. Here is an example of some testing I did
> recently with a self signed certificate generated via keytool that does not
> work. I thought I read somewhere that neo4j expects certs to be in "der"
> format which is what I did below.
>
> I am more used to configuring SSL in jetty (for example) where I simply list
> in jetty.xml file the keystore path and password, as opposed to including
> the individual certificates as separate files as neo4j appears to require.
>
> Any help resolving this problem would be appreciated.
>
> Sample steps I followed to create certs that did not work are as follows:
>
> *** create keys and keystore
> keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks
> -storepass password -validity 360 -keysize 2048
>
> *** export certificate from keystore
> keytool -export -alias selfsigned -file test.cert -keystore keystore.jks
>
> *** export private key from keystore
> keytool -v -importkeystore -srckeystore keystore.jks -srcalias selfsigned
> -destkeystore test.p12 -deststoretype PKCS12
> openssl pkcs12 -in test.p12 -out test.pem
> openssl x509 -outform der -in test.pem -out test.key
>
> **** changed relevant lines in neo4j-server.properties
> # Certificate location (auto generated if the file does not exist)
> #org.neo4j.server.webserver.https.cert.location=conf/ssl/snakeoil.cert
> org.neo4j.server.webserver.https.cert.location=E:/CERTS/test.cert
> # Private key location (auto generated if the file does not exist)
> #org.neo4j.server.webserver.https.key.location=conf/ssl/snakeoil.key
> org.neo4j.server.webserver.https.key.location=E:/CERTS/test.key
> # Internally generated keystore (don't try to put your own
> # keystore there, it will get deleted when the server starts)
> org.neo4j.server.webserver.https.keystore.location=data/keystore
>
> When starting neo4j server, the following log entries appear. It sits at
> "Enabling HTTPS on port :7473" step for 7 seconds
> and then server terminates (and no error message appears on screen or in any
> log file).
>
> 2015-05-16 00:28:11.203+0000 INFO [API] Setting startup timeout to:
> 120000ms based on 120000
> 2015-05-16 00:28:13.658+0000 INFO [API] Successfully started database
> 2015-05-16 00:28:13.696+0000 INFO [API] Starting HTTP on port :7474 with 4
> threads available
> 2015-05-16 00:28:13.840+0000 INFO [API] Enabling HTTPS on port :7473
> May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper
> launchAsConsoleApp
> INFO: Params
> May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper
> launchAsConsoleApp
> INFO: -Dorg.neo4j.server.properties="conf/neo4j-server.properties"
> ...
> ...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Neo4j" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
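Added example, not part of the original thread or of Neo4j's code: the trace above fails inside PKCS8Key.decode with "Integer tag error", the error a PKCS#8 decoder raises when the first element inside the outer SEQUENCE is not the version INTEGER, and the quoted `openssl x509 -outform der` step writes a certificate rather than a key. This Python sketch classifies a file by its leading DER tags; the function names and the sample byte strings are constructed for illustration.

```python
# Added example (not from the thread): classify a file by its leading DER tags.
import sys

SEQUENCE, INTEGER = 0x30, 0x02

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short-form length
        length = first
    else:                             # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def classify(data):
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not DER"
    try:
        tag, start, end = read_tlv(data)
        if tag != SEQUENCE:
            return "not a DER SEQUENCE"
        body = data[start:end]
        first_tag, _, first_end = read_tlv(body)
        if first_tag != INTEGER:
            # Unencrypted keys start with a version INTEGER; an X.509 cert starts with a SEQUENCE.
            return "no version INTEGER: not an unencrypted PKCS#8/PKCS#1 key"
        second_tag, _, _ = read_tlv(body, first_end)
    except ValueError as exc:
        return "malformed DER: %s" % exc
    kinds = {SEQUENCE: "PKCS#8 PrivateKeyInfo", INTEGER: "PKCS#1 RSAPrivateKey"}
    return kinds.get(second_tag, "unknown structure")

# Constructed minimal samples (not real keys or certificates)
CERT_LIKE = bytes.fromhex("30 09 30 03 02 01 01 30 02 05 00")      # SEQ{SEQ{INT},SEQ{NULL}}
PKCS8_LIKE = bytes.fromhex("30 0a 02 01 00 30 02 05 00 04 01 00")  # SEQ{INT 0,SEQ{NULL},OCTETS}
PKCS1_LIKE = bytes.fromhex("30 06 02 01 00 02 01 05")              # SEQ{INT 0,INT 5}

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, "->", classify(open(path, "rb").read()))
```

Passing file paths on the command line prints one classification per file.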