General Java query re Dgraph TLS

Hi, I have successfully followed these instructions for prod (where my app and dgraph are running as docker containers) and local envs (where my app is running as a jar and dgraph as a container) to get my app talking to Dgraph via TLS.

I’m now attempting to enhance my CI pipeline, and have my test app container talk to a test dgraph container, but cannot get this working. I get:

SSLHandshakeException: PKIX path building failed: unable to find valid certification path to requested target

This is a common error, and common solution is to add the certs to the apps keystore, but thats what i thought this line is doing:

builder.trustManager(new File("<path to ca.crt>"));

On the Dgraph server side, here is a snippet of how I am creating the Dgraph Alpha container.

    image: dgraph/dgraph:latest
      - 8082:8080
      - 9080:9080
    restart: on-failure
      - bash
      - "-c"
      - |
        dgraph cert --dir /tls -n ''
        dgraph cert --dir /tls -c 'testing'
        chmod 777 -R /tls
        dgraph alpha --tls_dir /tls --whitelist= --tls_client_auth REQUIREANDVERIFY --lru_mb=1024 --my=alpha:7080 --zero=zero:5080'

Anything obvious?
As next steps, I could pull out the related code to a public git repo if someone was able to assist? 99% its not a Dgraph issue of course…


maybe you should copy or share the /tls to your java application .
So it can access it .

Maybe the JAR inside the container is not able to access the cert files outside the container? :sweat_smile:

That would be great, please also share the docker configuration for booting up the client container.