Thanks Stefan, I was not aware of log files being put in database folder... I was only looking at console output and log file under data/log. So, this should help me troubleshoot problem.

Thanks,
Dan

On Saturday, May 16, 2015 at 5:14:17 AM UTC-4, Stefan Armbruster wrote:
> Dan,
>
> following your procedure I get in data/graph.db/messages.log:
>
> Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
>         at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:350) ~[na:1.7.0_80]
>         at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[na:1.7.0_80]
>         at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91) ~[na:1.7.0_80]
>         at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75) ~[na:1.7.0_80]
>         at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316) ~[na:1.7.0_80]
>         at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213) ~[na:1.7.0_80]
>
> Don't yet understand what this means, but looks like the format of the
> keyfile is wrong.
>
> Some years ago I've added support for chained certificates, see my reply on
> http://stackoverflow.com/questions/29481750/neo4j-certificate-chain.
> Maybe that helps.
>
> Cheers,
> Stefan
>
> 2015-05-16 3:00 GMT+02:00 Dan <[email protected]>:
> > I'm having trouble getting neo4j to work with my own SSL certificates (this
> > is both on Windows and Linux). When attempting to start server it sits at
> > log entry "Enabling HTTPS on port :7473" for around 7 seconds and then
> > terminates with no error message.
> >
> > So, I'm not sure if there is a problem with the format of the certificates
> > I'm dealing with vs what neo4j expects. If I use neo4j's
> > SslCertificateFactory.java code to create a self signed certificate that also
> > works. But when I use my company's certs or one I create via keytool (as
> > below), the server never starts. Here is an example of some testing I did
> > recently with a self signed certificate generated via keytool that does not
> > work. I thought I read somewhere that neo4j expects certs to be in "der"
> > format which is what I did below.
> >
> > I am more used to configuring SSL in jetty (for example) where I simply list
> > in jetty.xml file the keystore path and password, as opposed to including
> > the individual certificates as separate files as neo4j appears to require.
> >
> > Any help resolving this problem would be appreciated.
> >
> > Sample steps I followed to create certs that did not work are as follows:
> >
> > *** create keys and keystore
> > keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
> >
> > *** export certificate from keystore
> > keytool -export -alias selfsigned -file test.cert -keystore keystore.jks
> >
> > *** export private key from keystore
> > keytool -v -importkeystore -srckeystore keystore.jks -srcalias selfsigned -destkeystore test.p12 -deststoretype PKCS12
> > openssl pkcs12 -in test.p12 -out test.pem
> > openssl x509 -outform der -in test.pem -out test.key
> >
> > **** changed relevant lines in neo4j-server.properties
> > # Certificate location (auto generated if the file does not exist)
> > #org.neo4j.server.webserver.https.cert.location=conf/ssl/snakeoil.cert
> > org.neo4j.server.webserver.https.cert.location=E:/CERTS/test.cert
> > # Private key location (auto generated if the file does not exist)
> > #org.neo4j.server.webserver.https.key.location=conf/ssl/snakeoil.key
> > org.neo4j.server.webserver.https.key.location=E:/CERTS/test.key
> > # Internally generated keystore (don't try to put your own
> > # keystore there, it will get deleted when the server starts)
> > org.neo4j.server.webserver.https.keystore.location=data/keystore
> >
> > When starting neo4j server, the following log entries appear. It sits at
> > "Enabling HTTPS on port :7473" step for 7 seconds
> > and then server terminates (and no error message appears on screen or in any
> > log file).
> >
> > 2015-05-16 00:28:11.203+0000 INFO [API] Setting startup timeout to: 120000ms based on 120000
> > 2015-05-16 00:28:13.658+0000 INFO [API] Successfully started database
> > 2015-05-16 00:28:13.696+0000 INFO [API] Starting HTTP on port :7474 with 4 threads available
> > 2015-05-16 00:28:13.840+0000 INFO [API] Enabling HTTPS on port :7473
> > May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper launchAsConsoleApp
> > INFO: Params
> > May 15, 2015 8:28:20 PM org.neo4j.wrapper.NeoServiceWrapper launchAsConsoleApp
> > INFO: -Dorg.neo4j.server.properties="conf/neo4j-server.properties"
> > ...
> > ...
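
Added example, not part of the thread and not Neo4j code: the stack trace above fails inside `PKCS8Key.decode`, which expects a PKCS#8 structure whose first element is an INTEGER, while the last step of the quoted procedure (`openssl x509 -outform der`) writes a certificate, whose first element is a SEQUENCE. The sketch below classifies a DER file by its leading ASN.1 tags; the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread): classify a DER file by its leading ASN.1 tags.
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds input")
    return tag, pos, pos + length

KINDS = {
    (INTEGER, SEQUENCE): "PKCS#8 PrivateKeyInfo",
    (INTEGER, INTEGER): "PKCS#1 RSA key, not PKCS#8",
    (SEQUENCE, SEQUENCE): "certificate-shaped, not a private key",
    (SEQUENCE, OCTET_STRING): "encrypted PKCS#8, not plain PKCS#8",
}

def classify_der(buf):
    """Name the structure from the outer tag and the first two inner tags."""
    if buf.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not DER"
    try:
        outer, start, end = read_tlv(buf, 0)
        if outer != SEQUENCE:
            return "not a DER SEQUENCE"
        body = buf[start:end]              # inner elements must fit inside the outer SEQUENCE
        first, _, nxt = read_tlv(body, 0)
        second, _, _ = read_tlv(body, nxt)
    except ValueError as exc:
        return "malformed DER: %s" % exc
    return KINDS.get((first, second), "unknown DER structure")

# Constructed minimal samples (structurally valid DER, no real key material).
SAMPLES = {
    "pkcs8": bytes.fromhex("3016020100300d06092a864886f70d010101050004023000"),
    "cert": bytes.fromhex("300730003000030100"),
    "pkcs1": bytes.fromhex("3006020100020101"),
    "pem": b"-----BEGIN PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify_der(data))
```

A key file that does not classify as `PKCS#8 PrivateKeyInfo` cannot be decoded by the PKCS#8 path shown in the stack trace; `openssl pkcs8 -topk8 -nocrypt -outform DER` is the OpenSSL command that writes an unencrypted PKCS#8 DER key.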
