Certificate issue

dariusaudryc · October 10, 2018, 3:54am

It seems that I cannot generate my certificate automatically. This is my log:

2018-10-10 03:47:36.224+0000 INFO  ======== Neo4j 3.4.8 ========                                                                                                                                                  
2018-10-10 03:47:36.264+0000 INFO  Starting...                                                                                                                                                                    
2018-10-10 03:47:38.281+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@58ce9668' was successfully initialized, but failed to start. Pleas
e see the attached cause exception "/opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)". Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@58ce966
8' was successfully initialized, but failed to start. Please see the attached cause exception "/opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)".                                   
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabase@58ce9668' was successfully initialized, but failed to start. Please see the attache
d cause exception "/opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)".                                                                                                               
        at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:68)                                                                                              
        at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:220)                                                                                                                                   
        at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:111)                                                                                                                                 
        at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:79)                                                                                                                                  
        at org.neo4j.server.CommunityEntryPoint.main(CommunityEntryPoint.java:32)                                                                                                                                 
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabase@58ce9668' was successfully initialized, but failed to start. Please see the attached caus
e exception "/opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)".                                                                                                                     
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:466)                                                                                                                   
        at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:107)                                                                                                                                     
        at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:212)
        ... 3 more
Caused by: java.lang.RuntimeException: Error starting org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory, /opt/neo4j-community-3.4.8/data/databases/graph.db
        at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.initFacade(GraphDatabaseFacadeFactory.java:212)
        at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.newFacade(GraphDatabaseFacadeFactory.java:125)
        at org.neo4j.server.CommunityNeoServer.lambda$static$0(CommunityNeoServer.java:58)
        at org.neo4j.server.database.LifecycleManagingDatabase.start(LifecycleManagingDatabase.java:88)
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:445)
        ... 5 more
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.kernel.extension.KernelExtensions@19c65cdc' failed to initialize. Please see the attached cause exception "/opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)".
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:427)
        at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:62)
        at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:98)
        at org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.initFacade(GraphDatabaseFacadeFactory.java:208)
        ... 9 more
Caused by: java.lang.RuntimeException: Failed to initialize SSL encryption support, which is required to start this connector. Error was: Failed to generate private key and certificate
        at org.neo4j.bolt.BoltKernelExtension.createSslContext(BoltKernelExtension.java:243)
        at org.neo4j.bolt.BoltKernelExtension.lambda$createConnectors$0(BoltKernelExtension.java:204)
        at java.util.stream.Collectors.lambda$toMap$58(Collectors.java:1321)
        at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169)
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
        at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
        at org.neo4j.bolt.BoltKernelExtension.createConnectors(BoltKernelExtension.java:188)
        at org.neo4j.bolt.BoltKernelExtension.newInstance(BoltKernelExtension.java:165)
        at org.neo4j.bolt.BoltKernelExtension.newInstance(BoltKernelExtension.java:84)
        at org.neo4j.kernel.extension.KernelExtensions.newInstance(KernelExtensions.java:78)
        at org.neo4j.kernel.extension.KernelExtensions.init(KernelExtensions.java:61)
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:406)
        ... 12 more
Caused by: java.lang.RuntimeException: Failed to generate private key and certificate
        at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.loadOrCreateLegacyPolicy(SslPolicyLoader.java:156)
        at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.getOrCreateLegacyPolicy(SslPolicyLoader.java:137)
        at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.getPolicy(SslPolicyLoader.java:118)
        at org.neo4j.bolt.BoltKernelExtension.createSslContext(BoltKernelExtension.java:238)
        ... 27 more
Caused by: java.io.FileNotFoundException: /opt/neo4j-community-3.4.8/certificates/neo4j.cert (No such file or directory)
        at java.io.FileOutputStream.open0(Native Method)
        at java.io.FileOutputStream.open(FileOutputStream.java:270)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:162)
        at java.io.FileWriter.<init>(FileWriter.java:90)
        at org.neo4j.ssl.PkiUtils.writePem(PkiUtils.java:229)
        at org.neo4j.ssl.PkiUtils.createSelfSignedCertificate(PkiUtils.java:116)
        at org.neo4j.kernel.configuration.ssl.SslPolicyLoader.loadOrCreateLegacyPolicy(SslPolicyLoader.java:152)
        ... 30 more
2018-10-10 03:47:38.283+0000 INFO  Neo4j Server shutdown initiated by request
Cleaning up partially generated self-signed certificate...

Can someone shed some light on this (I never have this problem with 3.3 or any neo4j previous versions)? By the way, I don't which category should I put this in.

david_allen · October 10, 2018, 4:10pm

I can't tell you exactly what the issue is, but let me lay out a few things that will hopefully let you find it.

Literally what this error means is that the database is looking in a particular directory for your file and can't find it. The fix is to change your configuration to point to the right place. Below are examples from my working config. You can change them to whatever you need, but this is how the database knows where to look.

In my working config, I have a line like this:

dbms.directories.certificates=/var/lib/neo4j/certificates

that tells the DB to look in that directory for certificates. Separately, you might have a line like this:

dbms.ssl.policy.default.base_directory=/var/lib/neo4j/certificates

This is tricky -- this is actually claiming that there is a policy called "default" and that all of the certs for the "default" policy live in that directory.

dbms.ssl.policy.default.private_key=/var/lib/neo4j/certificates/neo4j.key dbms.ssl.policy.default.public_certificate=/var/lib/neo4j/certificates/neo4j.cert

That's specifying exactly where the private key for the "default" policy is, and the public cert.

Finally:

bolt.ssl_policy=default

This means that bolt ssl should use the "default" policy. That is, the policy named default which were defined in those other parameters and not some built-into the database default. If you had named it "foo" above instead of default all the same would apply.

dariusaudryc · October 11, 2018, 2:27am

Can you tell me how do you do the installation? In my previous experience with neo4j 3.3, when I downloaded, and unzip it, I will get the certificate right away.

I am also aware of the problem that neo4j cannot locate the certificate directory. And there is no neo4j certificate in 3.4. Is that also the case for you? if it is, how did you get your certificate directory (not where it is, because I will know where it is if it is there).

Also, I did not change anything on the ssl section in neo4j.conf. Do I need to do something there, and follow your example and change all of them accordingly?

david_allen · October 15, 2018, 6:16pm

Sorry for the late response. My best instructions on how to configure certificates are here:

Whether or not there is a directory depends on your install method (tarball, dpkg, rpm, cloud image, etc). Some more details are needed here - also, you must change a number of settings in the SSL section in order to enable a signed certificate. Please follow the blog post again and post follow-up questions about your experiences with this.

michael.hunger · October 16, 2018, 6:58pm

Can you try if 3.4.7 works for you? Seems to be a regression as the other user reported. I asked the eng-team.

dariusaudryc · October 24, 2018, 2:14am

Hi There, any news on the certificate issue? I haven't tried the 3.4.7 yet, I can't seem to find the link to download 3.4.7 that I can trust?

michael.hunger · October 24, 2018, 10:17pm

Try this:

https://go.neo4j.com/download-thanks.html?edition=community&release=3.4.7&flavour=unix

dariusaudryc · October 29, 2018, 5:27am

Hi Michael,

Sorry for the long reply. yes 3.4.7 works well for me. I was too excited to start working on it that I forgot to reply you.

Cheers,
Darius Audryc

Topic		Replies	Views
Neo4j server doesnt start Neo4j Graph Platform	1	1262	April 1, 2020
Problem starting neo4j server on Ubuntu 18.04 with SSL enabled Server	6	3402	January 24, 2020
Neo4j-Desktop doesn't start Up Desktop neo4j-desktop , mac	1	380	July 24, 2023
Failing to start the neo4j database Neo4j Graph Platform operations	0	880	February 17, 2022
Setting up single node SSL Operations	3	2029	September 4, 2020

Certificate issue

Related topics