Hi, I have successfully followed these instructions for prod (where my app and dgraph are running as docker containers) and local envs (where my app is running as a jar and dgraph as a container) to get my app talking to Dgraph via TLS.
I’m now attempting to enhance my CI pipeline, and have my test app container talk to a test dgraph container, but cannot get this working. I get:
SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This is a common error, and the common solution is to add the certs to the app's keystore, but that's what I thought this line is doing:
builder.trustManager(new File("<path to ca.crt>"));
On the Dgraph server side, here is a snippet of how I am creating the Dgraph Alpha container.
    alpha:
      image: dgraph/dgraph:latest
      ports:
        - 8082:8080
        - 9080:9080
      networks:
        default:
          aliases:
            - alias1.overstock.com
      restart: on-failure
      command:
        - bash
        - "-c"
        - |
          dgraph cert --dir /tls -n 'alias1.overstock.com'
          dgraph cert --dir /tls -c 'testing'
          chmod 777 -R /tls
          dgraph alpha --tls_dir /tls --whitelist=0.0.0.0/0 --tls_client_auth REQUIREANDVERIFY --lru_mb=1024 --my=alpha:7080 --zero=zero:5080
As next steps, I could pull out the related code to a public git repo if someone was able to assist? 99% it's not a Dgraph issue of course…
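
A "PKIX path building failed" error means the client could not chain the server's certificate to the CA file it was given. The following is an added example, not part of the original post: it uses the openssl CLI (assumed to be on PATH) to check whether a given ca.crt verifies a node.crt for a hostname. The function names and the throwaway test PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a given ca.crt really verify the server's node.crt?
# Exit status 0 means the chain builds and the hostname is in the cert.
ca_trusts_node() {  # usage: ca_trusts_node <ca.crt> <node.crt> <hostname>
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Constructed test PKI (throwaway keys): one CA plus one node cert per call.
make_pki() {  # usage: make_pki <dir> <hostname>
    mkdir -p "$1" || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' 'CN=Constructed Test CA' '[v3]' \
        'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1 || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=node" \
        -config "$1/ca.cnf" -keyout "$1/node.key" -out "$1/node.csr" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$1/node.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/node.crt" \
        >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    h=alias1.overstock.com
    make_pki "$d/run1" "$h" && make_pki "$d/run2" "$h" || return 1
    # CA and node cert produced together: verification succeeds.
    ca_trusts_node "$d/run1/ca.crt" "$d/run1/node.crt" "$h" \
        && echo "same CA: trusted"
    # Same subject name but a different CA key: the path cannot be built.
    ca_trusts_node "$d/run2/ca.crt" "$d/run1/node.crt" "$h" \
        || echo "ca.crt from a different generation: rejected"
    # Right CA, but the name the client dials is not in the certificate.
    ca_trusts_node "$d/run1/ca.crt" "$d/run1/node.crt" alpha \
        || echo "hostname 'alpha' not in certificate: rejected"
    rm -rf "$d"
}
demo
```

To use it against a real setup, pass the ca.crt the client loads, the node.crt the server presents, and the hostname the client connects to.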