Hi, I have successfully followed these instructions for prod (where my app and dgraph are running as docker containers) and local envs (where my app is running as a jar and dgraph as a container) to get my app talking to Dgraph via TLS.
I’m now attempting to enhance my CI pipeline, and have my test app container talk to a test dgraph container, but cannot get this working. I get:
SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is a common error, and the common solution is to add the certs to the app's keystore, but that's what I thought this line is doing:
builder.trustManager(new File("<path to ca.crt>"));
On the Dgraph server side, here is a snippet of how I am creating the Dgraph Alpha container.
```yaml
alpha:
  image: dgraph/dgraph:latest
  ports:
    - 8082:8080
    - 9080:9080
  networks:
    default:
      aliases:
        - alias1.overstock.com
  restart: on-failure
  command:
    - bash
    - "-c"
    - |
      dgraph cert --dir /tls -n 'alias1.overstock.com'
      dgraph cert --dir /tls -c 'testing'
      chmod 777 -R /tls
      dgraph alpha --tls_dir /tls --whitelist=0.0.0.0/0 --tls_client_auth REQUIREANDVERIFY --lru_mb=1024 --my=alpha:7080 --zero=zero:5080
```
Anything obvious?
As next steps, I could pull out the related code to a public git repo if someone was able to assist? 99% it's not a Dgraph issue of course…
Thanks
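
Added example (not part of the original post): a PKIX path building failure means the certificate the server presents does not chain to the CA file the client loads, so one check is to verify the server's node certificate against that exact file. The script below builds two constructed throwaway CAs with openssl to show the check passing and failing; the helper functions and directory names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed throwaway CAs and certificates; helper and directory names are hypothetical.

# mkca DIR: create a self-signed CA (ca.key, ca.crt) in DIR.
mkca() {
  mkdir -p "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# mknode DIR HOST: issue node.crt for HOST, signed by the CA in DIR.
mknode() {
  printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext" &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/node.key" -out "$1/node.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/node.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/node.crt" 2>/dev/null
}

# chains_to CA_CRT NODE_CRT: succeeds only if NODE_CRT was signed by CA_CRT.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# has_san NODE_CRT HOST: succeeds only if the certificate is valid for HOST.
has_san() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

demo() {
  local t; t=$(mktemp -d) || return 1
  # "client" holds the ca.crt an app was given earlier; "server" is a CA
  # generated separately, as a fresh `dgraph cert` run in an empty /tls would be.
  mkca "$t/client" && mkca "$t/server" &&
    mknode "$t/server" alias1.overstock.com || return 1
  chains_to "$t/server/ca.crt" "$t/server/node.crt" && echo "server ca.crt: chain OK"
  chains_to "$t/client/ca.crt" "$t/server/node.crt" || echo "client ca.crt: no path to node.crt"
  has_san "$t/server/node.crt" alias1.overstock.com && echo "SAN covers alias1.overstock.com"
  has_san "$t/server/node.crt" alpha || echo "SAN does not cover alpha"
  rm -rf "$t"
}

demo
```

To run the same checks on real files, pass the ca.crt the app loads and the node.crt from the container's /tls directory to `chains_to`.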