How do I fix this: Client auth is required but no trust anchors found in: /var/lib/neo4j/certificates/default/trusted

Question

I've been trying to configure SSL for a Neo4j server per their documentation. To this end I have created the following directory structure.

/var/lib/neo4j/certificates# ls -lR
.:
total 12
drwxr-xr-x 4 neo4j neo4j 4096 Dec 20 17:12 default
-rw------- 1 neo4j neo4j  985 Dec 20 13:29 neo4j.cert
-rw------- 1 neo4j neo4j 1704 Dec 20 13:29 neo4j.key

./default:
total 16
-r--r--r-- 1 neo4j neo4j 1704 Dec 20 17:08 private.key
-rw-r--r-- 1 neo4j neo4j 3461 Dec 20 17:18 public.crt
drwxr-xr-x 2 neo4j neo4j 4096 Dec 20 17:12 revoked
drwxr-xr-x 2 neo4j neo4j 4096 Dec 20 17:12 trusted

public.crt is the fullchain.pem file and private.key is the privkey.pem from the letsencrypt directory. trusted and revoked are empty. What am I missing?

score 2 · Accepted Answer · answered May 16 '18 at 16:15

2

Check that the public certificate is also in the trusted directory, as explained in the Neo4J documentation:

The public certificate must be duplicated. One copy is to be placed into the base_directory, and the other copy is to be placed into the trusted_dir

Got the same problem and copying the public certificate to the trusted folder solved it.

answered May 16 '18 at 16:15

keldon

36
3

Thanks, @keldon . I was able to make it work by copying the cert file to the trusted directory. Copying the private key along with the cert file caused issues too; had to be the cert file alone! – Anirudh May 22 '18 at 07:38

How do I fix this: Client auth is required but no trust anchors found in: /var/lib/neo4j/certificates/default/trusted

1 Answers1