What client (curl, Ratel, etc.) are you using to connect to the Alpha instance? And if it is a browser, then which one? Version?
My presumption is that the client does not trust the Dgraph Root CA (ca.crt) and hence this error.
(I see that you have added this to the KeyChain as Trusted Root, but some clients may not use the system Certificate Authorities).
Hello. I noticed that you created a node.crt for a hostname called live. If you do not want to use this as the host, then I would rm tls/node* and recreate the node cert.
I created my certs using this:
dgraph cert
dgraph cert -n $(hostname)
dgraph cert -c user
I’ll be honest with you @joaquin I don’t know if I’m using live loader b/c I’m confused about what it is but I don’t think I’m using this. I love your help about the HOSTS thank you, I updated my host to localhost, and I know the IP address of my Vultr cloud database but when I add that as a host I get the error
Chriss-MacBook-Pro-2:database cc$ dgraph cert -n x.30.193.y
[Decoder]: Using assembly version of decoder
Error: x509: cannot validate certificate for x.30.193.y because it doesn't contain any IP SANs
And now I’m a bit confused, do I do the keychain access thing again with these new keys and if so when I go into Keychain access what do I do please?!
If you are running the dgraph alpha service on the Vultr system, then you would use that as the node:
dgraph cert -n $HOST_ADDRESS
Where host address is the dgraph alpha service. If you build a server for example and give it a DNS FQDN of dgraph.mycompany.com, you would then do this:
dgraph cert -n dgraph.mycompany.com
Until then, it looks like you are running the server on MacBook, and a client on MacBook, so you have to use localhost as the host address in this case for local MacBook development.
As for Brave (Chromium) browser, you need to import the client certificate, so that it will trust the Dgraph CA root.
You need to import the Dgraph Root CA as trusted “Root Authority” so that it will trust the Alpha server’s certificate sent on TLS Handshake.
Further, you may need to import the Dgraph client certificate in the Client/Your/Personal Certificates section if the alpha server has turned on Client-Authentication.
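Added example, not part of any post in this thread and not Dgraph's own code: a Go sketch of the hostname check behind the "doesn't contain any IP SANs" error quoted earlier. It issues throwaway self-signed certificates and shows that a certificate carrying only a DNS SAN for localhost is rejected for an IP address until that IP is listed as an IP SAN. The helper `issueNodeCert` and the address 203.0.113.10 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueNodeCert (hypothetical helper) builds a throwaway self-signed cert.
// Names that parse as IPs become IP SANs; all others become DNS SANs.
func issueNodeCert(names ...string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	for _, n := range names {
		if ip := net.ParseIP(n); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, n)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Constructed input: 203.0.113.10 is a documentation address, not a real host.
func main() {
	for _, sans := range [][]string{{"localhost"}, {"localhost", "203.0.113.10"}} {
		cert, err := issueNodeCert(sans...)
		if err != nil {
			panic(err)
		}
		for _, host := range []string{"localhost", "203.0.113.10"} {
			fmt.Printf("SANs=%v host=%s err=%v\n", sans, host, cert.VerifyHostname(host))
		}
	}
}
```

A client applies the same check to whatever name or address it dials, so the node certificate has to list every name and IP that clients will use to reach the Alpha.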
I think my error was the hostname. Updating the node.crt hostname to localhost helped a ton, thank you @joaquin! I made this error copy pasting from the docs where the hostname is live.
This was one of those novice mistakes when we copy / paste all the code provided, it does not work & then we’re like… lol Which is why I really appreciate your help @Paras, thank you Sir!
Since you’ve deployed this to a cloud machine, you’ll need to be on the cloud machine to access localhost. a.b.c.d would need to be publicly accessible to access it from the outside.
You can check access via your cloud provider. You’d need at least a public IP and configured firewall rules. If you don’t want to set up public access, you can create a private tunnel connection to your server.
In Vultr, I found these resources that should help (I haven’t used Vultr myself though):