Hello,
I encountered a problem while trying to enable the HTTPS protocol in Neo4j version 5.8.0 using Python 3.10.6. I followed the instructions provided in the official documentation, but I am unable to enable SSL/TLS encryption for securing connections to Neo4j.
sudo apt update
sudo apt install certbot python3-certbot-apache
Operating System: Linux (tag: linux)
Neo4j Version: 5.8.0
Python Version: 3.10.6
neo4j.conf with HTTPS-related configuration settings
server.directories.data=/var/lib/neo4j/data
server.directories.plugins=/var/lib/neo4j/plugins
server.directories.logs=/var/log/neo4j
server.directories.lib=/usr/share/neo4j/lib
server.directories.import=/var/lib/neo4j/import
server.default_listen_address=0.0.0.0
server.bolt.enabled=true
server.http.enabled=false
server.https.enabled=true
server.https.listen_address=:7473
server.https.advertised_address=:7473
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=/etc/letsencrypt/live/xxx/privkey.pem
dbms.ssl.policy.https.public_certificate=/etc/letsencrypt/live/xxx/fullchain.pem
dbms.ssl.policy.https.client_auth=NONE
server.jvm.additional=-XX:-OmitStackTraceInFastThrow
server.jvm.additional=-XX:+AlwaysPreTouch
server.jvm.additional=-XX:+UnlockExperimentalVMOptions
server.jvm.additional=-XX:+TrustFinalNonStaticFields
server.jvm.additional=-XX:+DisableExplicitGC
server.jvm.additional=-Djdk.nio.maxCachedBufferSize=1024
server.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true
server.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048
server.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true
server.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256
server.jvm.additional=-XX:+UnlockDiagnosticVMOptions
server.jvm.additional=-XX:+DebugNonSafepoints
server.jvm.additional=--add-opens=java.base/java.nio=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/java.io=ALL-UNNAMED
server.jvm.additional=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED
server.jvm.additional=-Dlog4j2.disable.jmx=true
server.windows_service_name=neo4j
Some tests:
openssl s_client -connect xxx.com:7473
409785DD4A7F0000:error:8000006F:system library:BIO_connect:Connection refused:../crypto/bio/bio_sock2.c:114:calling connect()
409785DD4A7F0000:error:10000067:BIO routines:BIO_connect:connect error:../crypto/bio/bio_sock2.c:116:
connect:errno=111
All flows are open and there are no issues in the log.
Regards
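
An added diagnostic example, not part of the original post and not Neo4j tooling: the `connect:errno=111` in the openssl output above is a TCP-level refusal that occurs before any TLS handshake, so this probe separates "nothing is accepting on the port" from handshake or certificate failures. The function name `probe_tls` and the `localhost` target are assumptions.

```python
import errno
import socket
import ssl


def probe_tls(host, port, timeout=3.0):
    """Report how far a TLS connection attempt gets, as (stage, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        # errno 111 on Linux: the host answered, but nothing accepts on this
        # address/port. No certificate or key has been involved at this point.
        return "tcp_refused", errno.errorcode.get(exc.errno, str(exc.errno))
    except socket.timeout:
        return "tcp_timeout", "no reply before timeout"
    except OSError as exc:
        return "tcp_error", str(exc)

    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            detail = "%s, certificate valid until %s" % (tls.version(), cert["notAfter"])
            return "tls_ok", detail
    except ssl.SSLCertVerificationError as exc:
        # The listener speaks TLS, but the presented certificate is not trusted
        # or does not match the requested hostname.
        return "tls_cert_rejected", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Something accepted the TCP connection but did not complete a handshake.
        return "tls_handshake_failed", str(exc)


if __name__ == "__main__":
    # Assumed target: run on the server itself against the HTTPS port from the post.
    print(probe_tls("localhost", 7473))
```

A `tcp_refused` result from the server itself means the HTTPS connector never started listening; the same result only from a remote machine points at filtering between the two hosts.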