8

How can one use the certificate files generated by LetsEncrypt together with a Neo4j instance? The files generated by LetsEncrypt are:

  • cert.pem
  • chain.pem
  • fullchain.pem
  • privkey.pem

I've tried conversion via OpenSSL with no luck so far, using conversion from PEM to DER. Neo4j complains about not finding the certs upon start. The question is how to convert the LetsEncrypt certs into something that Neo4j can use.

Setup details:

  • The certs are placed in /var/lib/neo4j/certificates/ with names neo4j.{cert,key}, permissions 600, owned by neo4j:nogroup. All of this seems to be according to the docs.
  • In the config I have this line to specify the certificate path: dbms.directories.certificates=/var/lib/neo4j/certificates
  • In the config I also have remote access over HTTPS enabled: dbms.connector.https.address=0.0.0.0:7473

When restarting Neo4j I get the following error message:

    WARN Illegal character 0x16 in state=START for buffer HeapByteBuffer@5a260174[p=1,l=193,c=8192,r=192]={\x16<<< SEVERAL_LINES_OF_HEX_JIBBERISH_HERE }
    WARN badMessage: 400 Illegal character 0x16 for HttpChannelOverHttp@5d682358{r=0,c=false,a=IDLE,uri=-}
4
  • At least you should provide the errors you're getting... Commented Oct 18, 2016 at 23:04
  • Good point. Error message and clarifications are now added. Commented Oct 19, 2016 at 21:39
  • Note that, according to the documentation, you need to convert only the key. For the cert, just use fullchain.pem. Commented Oct 20, 2016 at 9:19
  • Using the fullchain for the cert did the trick. Thanks! Commented Oct 22, 2016 at 19:25

1 Answer

9
+100

I was able to use the Let's Encrypt certificate on Neo4j by using the following process:

  • Used the letsencrypt/acme client implemented as a shell-script method to make the certificate for my domain.
  • Three files are generated by running the script to get the certificate: fullchain.pem, cert.pem and privkey.pem
  • Copy them to the certificates directory of neo4j

    mv /path_to_lets_encrypt_certs_dir/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert

    mv /path_to_lets_encrypt_certs_dir/privkey.pem /var/lib/neo4j/certificates/neo4j.key

  • Restart neo4j

    anirudh@prok:~# /var/lib/neo4j/bin/neo4j restart
    Stopping Neo4j.. stopped
    Starting Neo4j.
    WARNING: Max 1024 open files allowed, minimum of 40000 recommended. See the Neo4j manual.
    Started neo4j (pid 17608). By default, it is available at https://your-domain:7473/
    There may be a short delay until the server is ready.
    See /var/lib/neo4j/logs/neo4j.log for current status.

This should run it for you. Hope this helps!
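
One way to script the steps in the answer above, as an added example (not the answerer's or Neo4j's own code): it checks that the certificate file really is the full chain and that the key is still PEM rather than DER, then copies both into place with mode 600 as described in the question. The function names, the exit codes and the optional owner argument are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): install Let's Encrypt PEM
# files under the names Neo4j expects, without any PEM-to-DER conversion.

# Print the number of PEM certificate blocks in a file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed only if the first line is a PEM private-key header (not DER).
is_pem_key() {
    head -n 1 "$1" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# install_le_certs SRC_DIR DEST_DIR [OWNER]   (OWNER is an assumed option)
install_le_certs() {
    src=$1; dest=$2; owner=${3:-}
    for f in fullchain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # fullchain.pem = leaf + intermediate(s); cert.pem alone has one block.
    n=$(count_certs "$src/fullchain.pem")
    if [ "$n" -lt 2 ]; then
        echo "fullchain.pem holds $n certificate(s), expected leaf + chain" >&2
        return 2
    fi
    is_pem_key "$src/privkey.pem" || { echo "privkey.pem is not PEM" >&2; return 3; }
    # Copy instead of mv so the source files stay in place; mode 600 as in the question.
    install -m 600 "$src/fullchain.pem" "$dest/neo4j.cert" || return 4
    install -m 600 "$src/privkey.pem" "$dest/neo4j.key" || return 4
    if [ -n "$owner" ]; then
        chown "$owner" "$dest/neo4j.cert" "$dest/neo4j.key" || return 5
    fi
    echo "installed $n certificates and the key into $dest"
}

# Run only when called with arguments, e.g.:
#   sh install-le.sh /path_to_lets_encrypt_certs_dir /var/lib/neo4j/certificates neo4j:nogroup
if [ "$#" -ge 2 ]; then
    install_le_certs "$@"
fi
```

Exit code 2 means the source file holds a single certificate, which is the cert.pem-instead-of-fullchain.pem case resolved in the comments.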
