"Empty Password" error: Neo4j Desktop SSL

I get some exceptions after following the SSL Neo4j guide.

I generated an RSA private key in ppk format with puttygen. I converted the key to pem format and saved it as "private.key" in the certificates/bolt directory. I suspect this is the process that I messed up.

The logs start with "password empty".
A telling line is:

Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key

Would someone help me learn what these errors mean?
The full logs are below. Thank you for reading! :blush:

Version 4.03

2020-04-15 02:29:40.385+0000 INFO  ======== Neo4j 4.0.3 ========
2020-04-15 02:29:40.393+0000 INFO  Starting...
2020-04-15 02:29:42.280+0000 ERROR Failed to start Neo4j: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty". Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
org.neo4j.server.ServerStartupException: Starting Neo4j failed: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.server.exception.ServerStartupErrors.translateToServerStartupError(ServerStartupErrors.java:45)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:164)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:114)
	at org.neo4j.server.ServerBootstrapper.start(ServerBootstrapper.java:89)
	at com.neo4j.server.enterprise.EnterpriseEntryPoint.main(EnterpriseEntryPoint.java:25)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.server.database.LifecycleManagingDatabaseService@841e575' was successfully initialized, but failed to start. Please see the attached cause exception "password empty".
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:465)
	at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:111)
	at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:157)
	... 3 more
Caused by: java.lang.RuntimeException: Failed to load private key: C:\Users\Lee\.Neo4jDesktop\neo4jDatabases\database-9ba29752-2e5c-4af7-9215-82d8feb4e023\installation-4.0.3\certificates\bolt\private.key
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:289)
	at org.neo4j.ssl.config.SslPolicyLoader.pemKeyAndChain(SslPolicyLoader.java:219)
	at org.neo4j.ssl.config.SslPolicyLoader.createSslPolicy(SslPolicyLoader.java:162)
	at org.neo4j.ssl.config.SslPolicyLoader.addPolicy(SslPolicyLoader.java:143)
	at java.base/java.util.HashMap$Values.forEach(HashMap.java:976)
	at org.neo4j.ssl.config.SslPolicyLoader.load(SslPolicyLoader.java:133)
	at org.neo4j.ssl.config.SslPolicyLoader.create(SslPolicyLoader.java:96)
	at org.neo4j.graphdb.factory.module.edition.CommunityEditionModule.<init>(CommunityEditionModule.java:110)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:114)
	at com.neo4j.enterprise.edition.EnterpriseEditionModule.<init>(EnterpriseEditionModule.java:109)
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:118)
	at com.neo4j.server.database.EnterpriseGraphFactory.newDatabaseManagementService(EnterpriseGraphFactory.java:38)
	at org.neo4j.server.database.LifecycleManagingDatabaseService.start(LifecycleManagingDatabaseService.java:88)
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.start(LifeSupport.java:444)
	... 5 more
Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: Could not generate secret key
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
	at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
	at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
	at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
	at org.neo4j.ssl.PkiUtils.loadPrivateKey(PkiUtils.java:114)
	at org.neo4j.ssl.config.SslPolicyLoader.loadPrivateKey(SslPolicyLoader.java:284)
	... 18 more
Caused by: java.security.spec.InvalidKeySpecException: Could not generate secret key
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:355)
	... 24 more
Caused by: java.lang.IllegalArgumentException: password empty
	at org.bouncycastle.jcajce.provider.symmetric.OpenSSLPBKDF$PBKDF.engineGenerateSecret(Unknown Source)
	at java.base/javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:344)
	... 24 more
2020-04-15 02:29:42.283+0000 INFO  Neo4j Server shutdown initiated by request

"Empty Password" means that I did not supply a password for the certificate.
I set a password in the config file. Find the config file like so:

1. Click the ellipsis on the top right corner of Graph
2. Click manage
3. Click the settings tab
4. You can also find the config file for the db in its installation path.

Within the config file--

  1. Ctrl+F "Bolt SSL configuration"
  2. Add the line "dbms.ssl.policy.bolt.private_key_password="

Clearly, I don't know much about TLS/SSL.
Reading this free book helped me out: https://www.feistyduck.com/library/openssl-cookbook/

Puttygen can generate a private key but it cannot create a certificate or sign it.
OpenSSL can do everything you could need to do with SSL.
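
Added example, not part of the original posts and not Neo4j code: the trace above goes through `PEMEncryptedKeyPair.decryptKeyPair`, so the loader found an encrypted PEM key and had no passphrase for it. This sketch inspects the text of a key file such as `private.key` and reports whether it is an encrypted PEM (so `dbms.ssl.policy.bolt.private_key_password` must be set), an unencrypted PEM, or still a PuTTY `.ppk` file; the function name and sample inputs are constructed for illustration.

```python
import re

# Constructed samples: the base64 bodies are placeholders, not real key material.
LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
PLAIN_PKCS8 = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
ENCRYPTED_PKCS8 = PLAIN_PKCS8.replace("PRIVATE KEY", "ENCRYPTED PRIVATE KEY")
PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n"

BEGIN_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----$")


def classify_key(text):
    """Return (format, needs_password, detail) for the text of a key file."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if lines and lines[0].startswith("PuTTY-User-Key-File-"):
        return ("putty-ppk", None, "not PEM; export in OpenSSL/PEM format first")
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line)
        if m:
            break
    else:
        return ("unknown", None, "no PEM BEGIN line found")
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":
        return ("pkcs8", True, "encrypted PKCS#8")
    if not label.endswith("PRIVATE KEY"):
        return ("pem-other", None, label)
    # Legacy OpenSSL PEM puts RFC 1421 headers between BEGIN and a blank line.
    headers = {}
    for line in lines[i + 1:]:
        if ":" not in line:  # blank line or base64 body ends the header block
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        return ("legacy-openssl", True, headers.get("DEK-Info", "?").split(",")[0])
    fmt = "pkcs8" if label == "PRIVATE KEY" else "legacy-openssl"
    return (fmt, False, "unencrypted")


if __name__ == "__main__":
    for name in ("LEGACY_ENCRYPTED", "PLAIN_PKCS8", "ENCRYPTED_PKCS8", "PPK"):
        print(name, classify_key(globals()[name]))
```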