Explanation of data/log/console.log error of 'TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked…'
On bin/neo4j start
the data/log/console.log
may log an error similar to
2016-01-04 13:32:44.589-0500 INFO Successfully shutdown database 13:33:06.856 [main] DEBUG i.n.u.i.l.InternalLoggerFactory - Using SLF4J as the default logging framework 2016-01-04 13:33:07.437-0500 ERROR Failed to start Neo4j: TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked org.neo4j.server.ServerStartupException: TLS certificate error occurred, unable to start server: Neither RSA, DSA nor EC worked at org.neo4j.server.AbstractNeoServer.createKeyStore(AbstractNeoServer.java:492) at org.neo4j.server.AbstractNeoServer.init(AbstractNeoServer.java:178) at org.neo4j.server.AbstractNeoServer.start(AbstractNeoServer.java:191) at org.neo4j.server.Bootstrapper.start(Bootstrapper.java:100)
Neo4j allows for the configuration of HTTPS certificates via the
parameters in conf/neo4j-server.properties
.
The following are the default values:
# Turn https-support on/off org.neo4j.server.webserver.https.enabled=true
# Certificate location (auto generated if the file does not exist) dbms.security.tls_certificate_file=conf/ssl/snakeoil.cert
# Private key location (auto generated if the file does not exist) dbms.security.tls_key_file=conf/ssl/snakeoil.key
If the above three parameters are modified a bin/neo4j restart
would need to be run for the changes to take effect.
On neo4j start
, the certificate files will be read and verified that
the algorithm used to generate the certificate files was either RSA, DSA
or EC format.
In the instance above the conf/ssl/snakeoil*
files are autogenerated on start if they do not already exists and they are self signed certificate.
Is this page helpful?