Can't get TLS working

I have Neo4J Community Edition 2025.03 installed. It runs fine without TLS. My system is a virtual machine with Ubuntu. I installed with apt install.

I wish to enable TLS following the steps here: https://neo4j.com/docs/operations-manual/2025.03/security/ssl-framework/ .

Steps taken:

  1. Copy netty-tcnative-2.0.70.Final-linux-x86_64.jar from /usr/share/neo4j/lib/netty-tcnative to /var/lib/neo4j/plugins

  2. In neo4j.conf, set dbms.netty.ssl.provider=OPENSSL

  3. Generated certificates with Let's Encrypt (certbot)

  4. Set the following in neo4j.conf:
    server.bolt.enabled=true
    server.bolt.tls_level=OPTIONAL
    server.bolt.listen_address=:7687
    dbms.ssl.policy.bolt.enabled=true
    dbms.ssl.policy.bolt.base_directory=certificates/bolt
    dbms.ssl.policy.bolt.private_key=private.key
    dbms.ssl.policy.bolt.public_certificate=public.crt

  5. Restarted Neo4J

  6. Attempted to connect with secure Bolt: cypher-shell -u <MYUSER> -p <MYPASS> -a bolt+s://localhost:7687
    Result:
    Unable to write Bolt handshake to localhost:7687.

  7. Attempted to connect with non-secure Bolt: cypher-shell -u <MYUSER> -p <MYPASS> -a bolt://localhost:7687
    Result:
    Connection to the database terminated. Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0.

In debug.log, I see a (long) stack trace of errors that includes the following lines:

  • java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty_tcnative_linux_x86_64, netty_tcnative_linux_x86_64_fedora, netty_tcnative_x86_64, netty_tcnative]
  • java.io.FileNotFoundException: META-INF/native/libnetty_tcnative_x86_64.so
  • java.lang.UnsatisfiedLinkError: no netty_tcnative_x86_64 in java.library.path: /usr/java/packages/lib:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
  • java.lang.UnsatisfiedLinkError: could not load a native library: netty_tcnative

I guess the netty-tcnative plugin doesn't get loaded. I'd appreciate any help to get this working!

I note that everything runs fine when I set server.bolt.tls_level=DISABLED, just without TLS.
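
Added example, not part of the original post: a Python check that reads the library names from the "Failed to load any of the given libraries" line quoted above and reports which of them a given jar bundles under META-INF/native/. The function names and the in-memory jar are constructed for illustration; in practice pass the real debug.log text and the path of the jar copied in step 1.

```python
import io
import re
import zipfile

# Matches the list in the IllegalArgumentException line quoted in the post.
TRIED_RE = re.compile(r"Failed to load any of the given libraries: \[([^\]]*)\]")
# The FileNotFoundException line shows the lookup pattern: META-INF/native/lib<name>.so
NATIVE_RE = re.compile(r"META-INF/native/lib(.+)\.so")

def candidate_libraries(log_text):
    """Return the native library names the loader tried, in order."""
    match = TRIED_RE.search(log_text)
    if not match:
        return []
    return [n.strip() for n in match.group(1).split(",") if n.strip()]

def bundled_natives(jar):
    """Map library name -> entry for each META-INF/native/lib*.so in a jar (path or file object)."""
    with zipfile.ZipFile(jar) as archive:
        hits = (NATIVE_RE.fullmatch(entry) for entry in archive.namelist())
        return {m.group(1): m.group(0) for m in hits if m}

def diagnose(log_text, jar):
    """For each name the loader tried, give the jar entry that provides it, or None."""
    natives = bundled_natives(jar)
    return {name: natives.get(name) for name in candidate_libraries(log_text)}

def constructed_jar(entries):
    """Build an in-memory jar of empty files (constructed sample, not a real netty jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for entry in entries:
            archive.writestr(entry, b"")
    buf.seek(0)
    return buf

# Log line copied from the post; the jar contents are constructed for this demo.
SAMPLE_LOG = ("java.lang.IllegalArgumentException: Failed to load any of the given "
              "libraries: [netty_tcnative_linux_x86_64, netty_tcnative_linux_x86_64_fedora, "
              "netty_tcnative_x86_64, netty_tcnative]")

if __name__ == "__main__":
    jar = constructed_jar(["META-INF/MANIFEST.MF",
                           "META-INF/native/libnetty_tcnative_linux_x86_64.so"])
    for name, entry in diagnose(SAMPLE_LOG, jar).items():
        print(f"{name}: {entry or 'not bundled in this jar'}")
```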