SSLPrivateKeyMethod related issue when enabling SSL configuration

Neo4j Graph Platform
1

I am having issues enabling SSL configuration.
I walked through the guide provided on docs and searched through the other peoples posts but still cannot make it work. Therefore I kindly ask for your help :slight_smile:

I am using neo4j 4.1.0 Enterprise on macOS Catalina ver. 10.15.5
When starting server I receive following error:

2020-07-06 16:54:16.837+0000 INFO  Starting...
2020-07-06 16:54:24.804+0000 INFO  ======== Neo4j 4.1.0 ========
2020-07-06 16:54:25.162+0000 ERROR Failed to start Neo4j on dbms.connector.http.listen_address, a socket address. If missing port or hostname it is acquired from dbms.default_listen_address. Error starting Neo4j database server at /Users/xxx/Library/Application Support/Neo4j Desktop/Application/neo4jDatabases/database-abc65513-dd91-4140-b69c-201fc2ec2aa8/installation-4.1.0/data/databases
java.lang.RuntimeException: Error starting Neo4j database server at /Users/xxx/Library/Application Support/Neo4j Desktop/Application/neo4jDatabases/database-abc65513-dd91-4140-b69c-201fc2ec2aa8/installation-4.1.0/data/databases
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:198)
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:158)
	at com.neo4j.server.enterprise.EnterpriseManagementServiceFactory.createManagementService(EnterpriseManagementServiceFactory.java:38)
	at com.neo4j.server.enterprise.EnterpriseBootstrapper.createNeo(EnterpriseBootstrapper.java:20)
	at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:117)
	at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:87)
	at com.neo4j.server.enterprise.EnterpriseEntryPoint.main(EnterpriseEntryPoint.java:25)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.bolt.BoltServer@29dcdd1c' failed to initialize. Please see the attached cause exception "io.netty.internal.tcnative.SSLPrivateKeyMethod".
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:424)
	at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:65)
	at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:101)
	at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:189)
	... 6 more
Caused by: java.lang.NoClassDefFoundError: io/netty/internal/tcnative/SSLPrivateKeyMethod
	at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:471)
	at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:571)
	at org.neo4j.ssl.SslPolicy.nettyServerContext(SslPolicy.java:82)
	at org.neo4j.bolt.BoltServer.createSslContext(BoltServer.java:286)
	at org.neo4j.bolt.BoltServer.createExternalProtocolInitializer(BoltServer.java:252)
	at org.neo4j.bolt.BoltServer.init(BoltServer.java:154)
	at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:403)
	... 9 more
Caused by: java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSLPrivateKeyMethod
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
	... 16 more
2020-07-06 16:54:25.162+0000 INFO  Neo4j Server shutdown initiated by request

Server fails to start when line dbms.connector.bolt.tls_level=OPTIONAL is uncommented.

If I am not mistaken it is related to io/netty/internal/tcnative/SSLPrivateKeyMethod
I spent much time trying to figure out what is the problem and I have no clue how to proceed anymore.

I generated self-signed certificate with command:

openssl req \
       -newkey rsa:2048 -nodes -keyout private.key \
       -x509 -days 365 -out public.crt

certificate folder structure is following

└── default
    ├── private.key
    ├── public.crt
    ├── revoked
    └── trusted

plugins are following:

netty-all-4.1.50.Final-sources.jar
netty-all-4.1.50.Final.jar

My configuration neo4j.conf is following:

#*****************************************************************
# Neo4j configuration
#
# For more details and a complete list of settings, please see
# https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/
#*****************************************************************

# This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to
# allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
# `LOAD CSV` section of the manual for details.
dbms.directories.import=import

# Whether requests to Neo4j are authenticated.
# To disable authentication, uncomment this line
dbms.security.auth_enabled=true


#********************************************************************
# Memory Settings
#********************************************************************

# Java Heap Size: by default the Java heap size is dynamically calculated based
# on available system resources. Uncomment these lines to set specific initial
# and maximum heap size.
dbms.memory.heap.initial_size=512m
dbms.memory.heap.max_size=1G

# The amount of memory to use for mapping the store files.
# The default page cache memory assumes the machine is dedicated to running
# Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.
dbms.memory.pagecache.size=512m

# Transaction state location. It is recommended to use ON_HEAP.
dbms.tx_state.memory_allocation=ON_HEAP


#*****************************************************************
# Network connector configuration
#*****************************************************************

# With default configuration Neo4j only accepts local connections.
# To accept non-local connections, uncomment this line:
dbms.default_listen_address=0.0.0.0

# Bolt connector
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=OPTIONAL
#dbms.connector.bolt.listen_address=:7687
#dbms.connector.bolt.advertised_address=localhost:9000

# HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474

# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
#dbms.connector.https.listen_address=:7473


#*****************************************************************
# SSL policy configuration
#*****************************************************************

# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/default
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.bolt.trust_all=true

# Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/default
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=NONE
dbms.ssl.policy.https.trust_all=true


#*****************************************************************
# Miscellaneous configuration
#*****************************************************************

# A comma separated list of procedures and user defined functions that are allowed
# full access to the database through unsupported/insecure internal APIs.
dbms.security.procedures.unrestricted=apoc.*


#********************************************************************
# JVM Parameters
#********************************************************************

# G1GC generally strikes a good balance between throughput and tail
# latency, without too much tuning.
dbms.jvm.additional=-XX:+UseG1GC

# Have common exceptions keep producing stack traces, so they can be
# debugged regardless of how often logs are rotated.
dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow

# Make sure that `initmemory` is not only allocated, but committed to
# the process, before starting the database. This reduces memory
# fragmentation, increasing the effectiveness of transparent huge
# pages. It also reduces the possibility of seeing performance drop
# due to heap-growing GC events, where a decrease in available page
# cache leads to an increase in mean IO response time.
# Try reducing the heap memory, if this flag degrades performance.
dbms.jvm.additional=-XX:+AlwaysPreTouch

# Trust that non-static final fields are really final.
# This allows more optimizations and improves overall performance.
# NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or
# serialization to change the value of final fields!
dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions
dbms.jvm.additional=-XX:+TrustFinalNonStaticFields

# Disable explicit garbage collection, which is occasionally invoked by the JDK itself.
dbms.jvm.additional=-XX:+DisableExplicitGC

#Increase maximum number of nested calls that are can be inlined from 9 (default) to 15
dbms.jvm.additional=-XX:MaxInlineLevel=15

# Restrict size of cached JDK buffers to 256 KB
dbms.jvm.additional=-Djdk.nio.maxCachedBufferSize=262144

# More efficient buffer allocation in Netty by allowing direct no cleaner buffers.
dbms.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true

# Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes.
# This is to protect the server from any potential passive eavesdropping.
dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048

# This mitigates a DDoS vector.
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true

# Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling.
dbms.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256

# Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results.
dbms.jvm.additional=-XX:+UnlockDiagnosticVMOptions
dbms.jvm.additional=-XX:+DebugNonSafepoints

#********************************************************************
# Wrapper Windows NT/2000/XP Service Properties
#********************************************************************
# WARNING - Do not modify any of these properties when an application
#  using this configuration file has been installed as a service.
#  Please uninstall the service before modifying this section.  The
#  service can then be reinstalled.

# Name of the service
dbms.windows_service_name=neo4j

#********************************************************************
# Other Neo4j system properties
#********************************************************************

dbms.netty.ssl.provider=OPENSSL

Does anyone have clue what is the reason for my issues?

2

What worked for me was replacing

netty-all-4.1.50.Final-sources.jar

netty-all-4.1.50.Final.jar

with

netty-tcnative-2.0.31.Final-osx-x86_64.jar

netty-tcnative-2.0.31.Final-sources.jar

1 Like
3

I've got the pretty same issue here trying to enable HTTPs for Neo4j. I've also tried different versions of Neo4j, used different settings in the configuration file, and downloaded various versions of netty, while using either netty-all or netty-tcnative jar files. Nevertheless, I believe the reason must lay within the usage of netty.

The following error messages stem from running Neo4j 4.1.3 (4.2.2 shows the same error messages) on a Ubuntu server.

When using any netty-tcnative version jar file (here:

netty-tcnative-2.0.30.Final-osx-x86_64.jar netty-tcnative-2.0.30.Final-sources.jar

), the following error message appears:

2021-01-22 18:44:34.284+0000 INFO  Starting...
2021-01-22 18:44:38.594+0000 INFO  ======== Neo4j 4.1.3 ========
2021-01-22 18:44:38.786+0000 ERROR Failed to start Neo4j on dbms.connector.http.listen_address, a socket address. If missing port or hostname it is acquired from dbms.default_listen_address. Error s>java.lang.RuntimeException: Error starting Neo4j database server at /var/lib/neo4j/data/databases
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:198)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:158)
        at org.neo4j.server.CommunityBootstrapper.createNeo(CommunityBootstrapper.java:36)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:117)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:87)
        at org.neo4j.server.CommunityEntryPoint.main(CommunityEntryPoint.java:35)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.bolt.BoltServer@766a49c7' failed to initialize. Please see the attached cause exception "Failed to load any of the give>        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:424)
        at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:65)
        at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:101)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:189)
        ... 5 more
Caused by: java.lang.UnsatisfiedLinkError: failed to load the required native library
        at io.netty.handler.ssl.OpenSsl.ensureAvailability(OpenSsl.java:474)
        at io.netty.handler.ssl.ReferenceCountedOpenSslContext.<init>(ReferenceCountedOpenSslContext.java:196)
        at io.netty.handler.ssl.OpenSslContext.<init>(OpenSslContext.java:43)
        at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:346)
        at io.netty.handler.ssl.OpenSslServerContext.<init>(OpenSslServerContext.java:334)
        at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:471)
        at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:571)
        at org.neo4j.ssl.SslPolicy.nettyServerContext(SslPolicy.java:82)
        at org.neo4j.bolt.BoltServer.createSslContext(BoltServer.java:286)
        at org.neo4j.bolt.BoltServer.createExternalProtocolInitializer(BoltServer.java:252)
        at org.neo4j.bolt.BoltServer.init(BoltServer.java:154)
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:403)
        ... 8 more
Caused by: java.lang.IllegalArgumentException: Failed to load any of the given libraries: [netty_tcnative_linux_x86_64, netty_tcnative_linux_x86_64_fedora, netty_tcnative_x86_64, netty_tcnative]
        at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:104)
        at io.netty.handler.ssl.OpenSsl.loadTcNative(OpenSsl.java:581)
        at io.netty.handler.ssl.OpenSsl.<clinit>(OpenSsl.java:133)
        ... 19 more
        Suppressed: java.lang.UnsatisfiedLinkError: could not load a native library: netty_tcnative_linux_x86_64
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:226)
                at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:96)
                ... 21 more
        Caused by: java.io.FileNotFoundException: META-INF/native/libnetty_tcnative_linux_x86_64.so
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:175)
                ... 22 more
                Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_linux_x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/l>                        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
 at java.base/java.lang.System.loadLibrary(System.java:1873)
                        at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                        at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:351)
                        at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:136)
                        ... 22 more
                        Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_linux_x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu>                                at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                                at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                                at java.base/java.lang.System.loadLibrary(System.java:1873)
                                at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                                at io.netty.util.internal.NativeLibraryLoader$1.run(NativeLibraryLoader.java:371)
                                at java.base/java.security.AccessController.doPrivileged(Native Method)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibraryByHelper(NativeLibraryLoader.java:363)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:341)
                                ... 23 more
        Suppressed: java.lang.UnsatisfiedLinkError: could not load a native library: netty_tcnative_linux_x86_64_fedora
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:226)
                at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:96)
                ... 21 more
        Caused by: java.io.FileNotFoundException: META-INF/native/libnetty_tcnative_linux_x86_64_fedora.so
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:175)
                ... 22 more
                Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_linux_x86_64_fedora in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu,>                        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                        at java.base/java.lang.System.loadLibrary(System.java:1873)
                        at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                        at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:351)
                        at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:136)
                        ... 22 more
                        Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_linux_x86_64_fedora in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-li>                                at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                                at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                                at java.base/java.lang.System.loadLibrary(System.java:1873)
                                at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                                at io.netty.util.internal.NativeLibraryLoader$1.run(NativeLibraryLoader.java:371)
                                at java.base/java.security.AccessController.doPrivileged(Native Method)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibraryByHelper(NativeLibraryLoader.java:363)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:341)
                                ... 23 more
        Suppressed: java.lang.UnsatisfiedLinkError: could not load a native library: netty_tcnative_x86_64
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:226)
                at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:96)
                ... 21 more
        Caused by: java.io.FileNotFoundException: META-INF/native/libnetty_tcnative_x86_64.so
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:175)
                ... 22 more
                Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86>                        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                        at java.base/java.lang.System.loadLibrary(System.java:1873)
                        at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                        at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:351)
                        at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:136)
                        ... 22 more
                        Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative_x86_64 in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr>                                at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                                at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                                at java.base/java.lang.System.loadLibrary(System.java:1873)
                                at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                                at io.netty.util.internal.NativeLibraryLoader$1.run(NativeLibraryLoader.java:371)
                                at java.base/java.security.AccessController.doPrivileged(Native Method)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibraryByHelper(NativeLibraryLoader.java:363)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:341)
                                ... 23 more
        Suppressed: java.lang.UnsatisfiedLinkError: could not load a native library: netty_tcnative
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:226)
                at io.netty.util.internal.NativeLibraryLoader.loadFirstAvailable(NativeLibraryLoader.java:96)
                ... 21 more
        Caused by: java.io.FileNotFoundException: META-INF/native/libnetty_tcnative.so
                at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:175)
                ... 22 more
                Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-lin>                        at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                        at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                        at java.base/java.lang.System.loadLibrary(System.java:1873)
                        at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                        at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:351)
                        at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:136)
... 22 more
                        Suppressed: java.lang.UnsatisfiedLinkError: no netty_tcnative in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x8>                                at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2670)
                                at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:830)
                                at java.base/java.lang.System.loadLibrary(System.java:1873)
                                at io.netty.util.internal.NativeLibraryUtil.loadLibrary(NativeLibraryUtil.java:38)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                                at io.netty.util.internal.NativeLibraryLoader$1.run(NativeLibraryLoader.java:371)
                                at java.base/java.security.AccessController.doPrivileged(Native Method)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibraryByHelper(NativeLibraryLoader.java:363)
                                at io.netty.util.internal.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:341)
                                ... 23 more
2021-01-22 18:44:38.792+0000 INFO  Neo4j Server shutdown initiated by request

On the other hand, using any netty-all version jar (here:

netty-all-4.1.50.Final.jar netty-all-4.1.50.Final-sources.jar

) throws the following message:

2021-01-22 18:36:58.923+0000 INFO  Starting...
2021-01-22 18:37:03.662+0000 INFO  ======== Neo4j 4.1.3 ========
2021-01-22 18:37:03.841+0000 ERROR Failed to start Neo4j on dbms.connector.http.listen_address, a socket address. If missing port or hostname it is acquired from dbms.default_listen_address. Error starting Neo4j database server at /var/lib/neo4j/data/databases
java.lang.RuntimeException: Error starting Neo4j database server at /var/lib/neo4j/data/databases
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:198)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:158)
        at org.neo4j.server.CommunityBootstrapper.createNeo(CommunityBootstrapper.java:36)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:117)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:87)
        at org.neo4j.server.CommunityEntryPoint.main(CommunityEntryPoint.java:35)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.bolt.BoltServer@34332b8d' failed to initialize. Please see the attached cause exception "io.netty.internal.tcnative.SSLPrivateKeyMethod".
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:424)
        at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:65)
        at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:101)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:189)
        ... 5 more
Caused by: java.lang.NoClassDefFoundError: io/netty/internal/tcnative/SSLPrivateKeyMethod
        at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:471)
        at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:571)
        at org.neo4j.ssl.SslPolicy.nettyServerContext(SslPolicy.java:82)
        at org.neo4j.bolt.BoltServer.createSslContext(BoltServer.java:286)
        at org.neo4j.bolt.BoltServer.createExternalProtocolInitializer(BoltServer.java:252)
        at org.neo4j.bolt.BoltServer.init(BoltServer.java:154)
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:403)
        ... 8 more
Caused by: java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSLPrivateKeyMethod
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
        ... 15 more
2021-01-22 18:37:03.862+0000 INFO  Neo4j Server shutdown initiated by request

I have tried a lot of stuff, for testing purposes my configuration currently matches the post one by kkris1983. I would be so grateful if someone could help me out here!

4

Hello everyone,

I got exactly the same problem and it makes me crazy, I just can't find any "suitable Netty dependency" like it's indicated in the official documentation (SSL framework - Operations Manual) and I got the following message when I try to start Neo4j :

2021-05-18 06:29:55.435+0000 INFO  Starting...
2021-05-18 06:30:01.189+0000 INFO  ======== Neo4j 4.1.4 ========
2021-05-18 06:30:01.378+0000 ERROR Failed to start Neo4j on dbms.connector.http.listen_address, a socket address. If missing port or hostname it is acquired from dbms.default_listen_address. Error
 starting Neo4j database server at /var/lib/neo4j/data/databases
java.lang.RuntimeException: Error starting Neo4j database server at /var/lib/neo4j/data/databases
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:198)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.build(DatabaseManagementServiceFactory.java:158)
        at com.neo4j.server.enterprise.EnterpriseManagementServiceFactory.createManagementService(EnterpriseManagementServiceFactory.java:38)
        at com.neo4j.server.enterprise.EnterpriseBootstrapper.createNeo(EnterpriseBootstrapper.java:20)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:117)
        at org.neo4j.server.NeoBootstrapper.start(NeoBootstrapper.java:87)
        at com.neo4j.server.enterprise.EnterpriseEntryPoint.main(EnterpriseEntryPoint.java:25)
Caused by: org.neo4j.kernel.lifecycle.LifecycleException: Component 'org.neo4j.bolt.BoltServer@5600a5da' failed to initialize. Please see the attached cause exception "io.netty.internal.tcnative.SSLPrivateKeyMethod".
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:424)
        at org.neo4j.kernel.lifecycle.LifeSupport.init(LifeSupport.java:65)
        at org.neo4j.kernel.lifecycle.LifeSupport.start(LifeSupport.java:101)
        at org.neo4j.graphdb.facade.DatabaseManagementServiceFactory.startDatabaseServer(DatabaseManagementServiceFactory.java:189)
        ... 6 more
Caused by: java.lang.NoClassDefFoundError: io/netty/internal/tcnative/SSLPrivateKeyMethod
        at io.netty.handler.ssl.SslContext.newServerContextInternal(SslContext.java:471)
        at io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:571)
        at org.neo4j.ssl.SslPolicy.nettyServerContext(SslPolicy.java:82)
        at org.neo4j.bolt.BoltServer.createSslContext(BoltServer.java:286)
        at org.neo4j.bolt.BoltServer.createExternalProtocolInitializer(BoltServer.java:252)
        at org.neo4j.bolt.BoltServer.init(BoltServer.java:154)
        at org.neo4j.kernel.lifecycle.LifeSupport$LifecycleInstance.init(LifeSupport.java:403)
        ... 9 more
Caused by: java.lang.ClassNotFoundException: io.netty.internal.tcnative.SSLPrivateKeyMethod
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
        ... 16 more
2021-05-18 06:30:01.383+0000 INFO  Neo4j Server shutdown initiated by request

I'm running the 4.1.4 version of Neo4j and here it is my configuration file (without the useless parts) :

#*****************************************************************
# Neo4j configuration
#
# For more details and a complete list of settings, please see
# https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/
#*****************************************************************

# The name of the default database.
#dbms.default_database=neo4j

# Paths of directories in the installation.
#dbms.directories.data=data
#dbms.directories.plugins=plugins
#dbms.directories.logs=logs
#dbms.directories.lib=lib
#dbms.directories.run=run
#dbms.directories.metrics=metrics
#dbms.directories.transaction.logs.root=data/transactions
#dbms.directories.dumps.root=data/dumps

# This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to
# allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
# `LOAD CSV` section of the manual for details.
dbms.directories.import=import

# Whether requests to Neo4j are authenticated.
# To disable authentication, uncomment this line
dbms.security.auth_enabled=true

# Enable this to be able to upgrade a store from an older version.
#dbms.allow_upgrade=true

# Number of databases in Neo4j is limited.
# To change this limit please uncomment and adapt following setting:
# dbms.max_databases=100

# Enable online backups to be taken from this database.
dbms.backup.enabled=false

# By default the backup service will only listen on localhost.
# To enable remote backups you will have to bind to an external
# network interface (e.g. 0.0.0.0 for all interfaces).
# The protocol running varies depending on deployment. In a Causal Clustering environment this is the
# same protocol that runs on causal_clustering.transaction_listen_address.
#dbms.backup.listen_address=0.0.0.0:6362

#********************************************************************
# Memory Settings
#********************************************************************
#
# Memory settings are specified kilobytes with the 'k' suffix, megabytes with
# 'm' and gigabytes with 'g'.
# If Neo4j is running on a dedicated server, then it is generally recommended
# to leave about 2-4 gigabytes for the operating system, give the JVM enough
# heap to hold all your transaction state and query context, and then leave the
# rest for the page cache.

# Java Heap Size: by default the Java heap size is dynamically calculated based
# on available system resources. Uncomment these lines to set specific initial
# and maximum heap size.
dbms.memory.heap.initial_size=512m
dbms.memory.heap.max_size=1G

# The amount of memory to use for mapping the store files.
# The default page cache memory assumes the machine is dedicated to running
# Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.
dbms.memory.pagecache.size=512m

# Limit the amount of memory that all of the running transaction can consume.
# By default there is no limit.
#dbms.memory.transaction.global_max_size=256m

# Limit the amount of memory that a single transaction can consume.
# By default there is no limit.
#dbms.memory.transaction.max_size=16m

# Transaction state location. It is recommended to use ON_HEAP.
dbms.tx_state.memory_allocation=ON_HEAP

#*****************************************************************
# Network connector configuration
#*****************************************************************

dbms.default_listen_address=0.0.0.0

#dbms.default_advertised_address=localhost

# Bolt connector
dbms.connector.bolt.enabled=true
dbms.connector.bolt.tls_level=OPTIONAL
dbms.connector.bolt.listen_address=:7687
#dbms.connector.bolt.advertised_address=localhost:7687

# HTTP Connector. There can be zero or one HTTP connectors.
dbms.connector.http.enabled=true
dbms.connector.http.listen_address=:7474
#dbms.connector.http.advertised_address=:7474

# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
dbms.connector.https.listen_address=:7473
#dbms.connector.https.advertised_address=:7473

# Cluster Routing Connector. Enables the opening of an additional port to allow
# for internal communication using the same security configuration as CLUSTER
#dbms.routing.enabled=false

# Customize the listen address and advertised address used for the routing connector.
#dbms.routing.listen_address=0.0.0.0:7688
#dbms.routing.advertised_address=:7688

# Number of Neo4j worker threads.
#dbms.threads.worker_count

#*****************************************************************
# SSL policy configuration
#*****************************************************************

# Bolt SSL configuration
dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/default
dbms.ssl.policy.bolt.private_key=nginx.key
dbms.ssl.policy.bolt.public_certificate=nginx.crt
dbms.ssl.policy.bolt.client_auth=NONE
dbms.ssl.policy.bolt.trust_all=true

# Https SSL configuration
dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/default
dbms.ssl.policy.https.private_key=nginx.key
dbms.ssl.policy.https.public_certificate=nginx.crt
dbms.ssl.policy.https.client_auth=NONE
dbms.ssl.policy.bolt.trust_all=true

# Cluster SSL configuration
#dbms.ssl.policy.cluster.enabled=true
#dbms.ssl.policy.cluster.base_directory=certificates/cluster
#dbms.ssl.policy.cluster.private_key=private.key
#dbms.ssl.policy.cluster.public_certificate=public.crt

# Backup SSL configuration
#dbms.ssl.policy.backup.enabled=true
#dbms.ssl.policy.backup.base_directory=certificates/backup
#dbms.ssl.policy.backup.private_key=private.key
#dbms.ssl.policy.backup.public_certificate=public.crt

#********************************************************************
# JVM Parameters
#********************************************************************

# G1GC generally strikes a good balance between throughput and tail
# latency, without too much tuning.
dbms.jvm.additional=-XX:+UseG1GC

# Have common exceptions keep producing stack traces, so they can be
# debugged regardless of how often logs are rotated.
dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow

# Make sure that `initmemory` is not only allocated, but committed to
# the process, before starting the database. This reduces memory
# fragmentation, increasing the effectiveness of transparent huge
# pages. It also reduces the possibility of seeing performance drop
# due to heap-growing GC events, where a decrease in available page
# cache leads to an increase in mean IO response time.
# Try reducing the heap memory, if this flag degrades performance.
dbms.jvm.additional=-XX:+AlwaysPreTouch

# Trust that non-static final fields are really final.
# This allows more optimizations and improves overall performance.
# NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or
# serialization to change the value of final fields!
dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions
dbms.jvm.additional=-XX:+TrustFinalNonStaticFields

# Disable explicit garbage collection, which is occasionally invoked by the JDK itself.
dbms.jvm.additional=-XX:+DisableExplicitGC

#Increase maximum number of nested calls that are can be inlined from 9 (default) to 15
dbms.jvm.additional=-XX:MaxInlineLevel=15

# Restrict size of cached JDK buffers to 256 KB
dbms.jvm.additional=-Djdk.nio.maxCachedBufferSize=262144

# More efficient buffer allocation in Netty by allowing direct no cleaner buffers.
dbms.jvm.additional=-Dio.netty.tryReflectionSetAccessible=true

# Exits JVM on the first occurrence of an out-of-memory error. Its preferable to restart VM in case of out of memory errors.
# dbms.jvm.additional=-XX:+ExitOnOutOfMemoryError

# Remote JMX monitoring, uncomment and adjust the following lines as needed. Absolute paths to jmx.access and
# jmx.password files are required.
# Also make sure to update the jmx.access and jmx.password files with appropriate permission roles and passwords,
# the shipped configuration contains only a read only role called 'monitor' with password 'Neo4j'.
# For more details, see: http://download.oracle.com/javase/8/docs/technotes/guides/management/agent.html
# On Unix based systems the jmx.password file needs to be owned by the user that will run the server,
# and have permissions set to 0600.
# For details on setting these file permissions on Windows see:
#     http://docs.oracle.com/javase/8/docs/technotes/guides/management/security-windows.html
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.port=3637
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.authenticate=true
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.ssl=false
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.password.file=/absolute/path/to/conf/jmx.password
#dbms.jvm.additional=-Dcom.sun.management.jmxremote.access.file=/absolute/path/to/conf/jmx.access

# Some systems cannot discover host name automatically, and need this line configured:
#dbms.jvm.additional=-Djava.rmi.server.hostname=$THE_NEO4J_SERVER_HOSTNAME

# Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes.
# This is to protect the server from any potential passive eavesdropping.
dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048

# This mitigates a DDoS vector.
dbms.jvm.additional=-Djdk.tls.rejectClientInitiatedRenegotiation=true

# Enable remote debugging
#dbms.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005

# This filter prevents deserialization of arbitrary objects via java object serialization, addressing potential vulnerabilities.
# By default this filter whitelists all neo4j classes, as well as classes from the hazelcast library and the java standard library.
# These defaults should only be modified by expert users!
# For more details (including filter syntax) see: https://openjdk.java.net/jeps/290
#dbms.jvm.additional=-Djdk.serialFilter=java.**;org.neo4j.**;com.neo4j.**;com.hazelcast.**;net.sf.ehcache.Element;com.sun.proxy.*;org.openjdk.jmh.**;!*

# Increase the default flight recorder stack sampling depth from 64 to 256, to avoid truncating frames when profiling.
dbms.jvm.additional=-XX:FlightRecorderOptions=stackdepth=256

# Allow profilers to sample between safepoints. Without this, sampling profilers may produce less accurate results.
dbms.jvm.additional=-XX:+UnlockDiagnosticVMOptions
dbms.jvm.additional=-XX:+DebugNonSafepoints

#********************************************************************
# Wrapper Windows NT/2000/XP Service Properties
#********************************************************************
# WARNING - Do not modify any of these properties when an application
#  using this configuration file has been installed as a service.
#  Please uninstall the service before modifying this section.  The
#  service can then be reinstalled.

# Name of the service
dbms.windows_service_name=neo4j-relate-dbms-291afba1-ec60-457b-bf9c-226c94974bfb

#********************************************************************
# Other Neo4j system properties
#********************************************************************
dbms.netty.ssl.provider=OPENSSL

Anyone to help ?

Thanks by advance !

5

Yea i think you have to find the right version on netty and add them in the plugins folder. That worked for me.