Python Client: How to use pydgraph w/ certs for public trusted CA

I have ingress-nginx terminating TLS issued from Let’s Encrypted public CA. Thus I don’t need to create private certificates as per example:

Besides, I doubt Let’s Encypt will give me their private ca.crt. :wink:

So, how can I do this process with out the need load in private keys, similar to curl https w/ HTTP/1.1?

What I want to do

Create secure channel without need for load in certs from the disk.

What I did

Not sure what to do.

I found the solution.

import certifi # pip install certifi
DGRAPH_ALPHA_SERVER = os.getenv('DGRAPH_ALPHA_SERVER') or 'localhost:9080'

def create_client_stub():
    with open(certifi.where(), "rb") as f:
        root_ca_cert =
    creds = grpc.ssl_channel_credentials(root_certificates=root_ca_cert)

    return pydgraph.DgraphClientStub(addr=DGRAPH_ALPHA_SERVER, credentials=creds)
1 Like