SSL keystore and truststore path issue for Debezium connector mongodb


Here is the config I am using

{
"name": "debezium-mongo",
"config": {
"connector.class" : "io.debezium.connector.mongodb.MongoDbConnector",
"topic.prefix" : "testmongo",
"tasks.max" : "1",
"mongodb.members.auto.discover": "false",
"mongodb.connection.string" : "mongodb://test:dev@rcx-mongo:27017,mongors1n1:27017,mongors2n1:27017/test?replicaSet=rs0",
"mongodb.port": "27017",
"mongodb.server.name": "debezium-mongo",
"mongodb.user" : "test",
"mongodb.password" : "dev",

    "mongodb.ssl.enabled" :"true",
    "mongodb.connection.mode": "replica_set",
    "database.ssl.keystore.location":"/kafka/certificates/mongo.client.keystore.jks",
    "database.ssl.keystore.password":"rcxdev",
    "database.ssl.truststore.location":"/kafka/certificates/mongo.client.truststore.jks",

    "database.ssl.truststore.password":"dev",
    "database.ssl.keystore.type": "JKS"
} }

and here is the docker-compose

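# Kafka Connect worker (Debezium image) talking to Kafka over TLS, with two
# host directories of certificate material mounted into the container.
connect:
  image: debezium/connect:2.3
  environment:
    LOG_LEVEL: INFO
    CONNECT_TOPIC_CREATION_ENABLE: "false"
    # BOOTSTRAP_SERVERS: kafka:9092
    CONFIG_STORAGE_TOPIC: config-topic
    OFFSET_STORAGE_TOPIC: offset-topic
    GROUP_ID: kafka-connect-consumer-group

    # NOTE(review): every store/key password below is in plaintext. Keep this
    # file out of version control, or supply the values from an env file or a
    # secret store instead.
    # NOTE(review): confirm that the image's entrypoint picks up the
    # un-prefixed ADMIN_/CONSUMER_/PRODUCER_ variables at all; it may only map
    # CONNECT_-prefixed variables into the worker properties.

    # Key was written "ADMIN_BOOTSTRAP SEVERS" (space, misspelled) in the
    # original post, which is not a usable environment variable name.
    ADMIN_BOOTSTRAP_SERVERS: kafka:9092
    ADMIN_SSL_ENABLED: "true"
    ADMIN_SECURITY_PROTOCOL: SSL
    ADMIN_SSL_TRUSTSTORE_LOCATION: /certs/truststore.jks
    ADMIN_SSL_TRUSTSTORE_PASSWORD: dev
    ADMIN_SSL_KEYSTORE_LOCATION: /certs/keystore.jks
    ADMIN_SSL_KEYSTORE_PASSWORD: dev
    ADMIN_SSL_KEY_PASSWORD: dev

    # Key was written "CONSUMER_BOOTSTRAP SEVERS" in the original post.
    CONSUMER_BOOTSTRAP_SERVERS: kafka:9092
    CONSUMER_SSL_ENABLED: "true"
    CONSUMER_SECURITY_PROTOCOL: SSL
    CONSUMER_SSL_TRUSTSTORE_LOCATION: /certs/truststore.jks
    # NOTE(review): this section uses "rcxdev" for the truststore and key
    # password while every other section uses "dev" for the same files under
    # /certs; verify which value actually matches the stores.
    CONSUMER_SSL_TRUSTSTORE_PASSWORD: rcxdev
    CONSUMER_SSL_KEYSTORE_LOCATION: /certs/keystore.jks
    CONSUMER_SSL_KEYSTORE_PASSWORD: dev
    CONSUMER_SSL_KEY_PASSWORD: rcxdev

    PRODUCER_BOOTSTRAP_SERVERS: kafka:9092
    PRODUCER_SSL_ENABLED: "true"
    PRODUCER_SECURITY_PROTOCOL: SSL
    PRODUCER_SSL_TRUSTSTORE_LOCATION: /certs/truststore.jks
    PRODUCER_SSL_TRUSTSTORE_PASSWORD: dev
    PRODUCER_SSL_KEYSTORE_LOCATION: /certs/keystore.jks
    PRODUCER_SSL_KEYSTORE_PASSWORD: dev
    PRODUCER_SSL_KEY_PASSWORD: dev

    BOOTSTRAP_SERVERS: kafka:9092
    CONNECT_SSL_ENABLED: "true"
    CONNECT_SECURITY_PROTOCOL: SSL
    CONNECT_SSL_TRUSTSTORE_LOCATION: /certs/truststore.jks
    CONNECT_SSL_TRUSTSTORE_PASSWORD: dev
    CONNECT_SSL_KEYSTORE_LOCATION: /certs/keystore.jks
    CONNECT_SSL_KEYSTORE_PASSWORD: dev
    CONNECT_SSL_KEY_PASSWORD: dev

    # javax.net.debug=all produces very verbose TLS handshake output in the
    # container logs; use it for troubleshooting only and remove it afterwards.
    # NOTE(review): the truststore settings above are Kafka client settings.
    # The ConnectionContext excerpt quoted in the post only enables TLS and
    # sets no trust store, so the MongoDB driver presumably relies on the JVM
    # default trust store. The standard JVM properties
    # javax.net.ssl.trustStore / javax.net.ssl.trustStorePassword are the place
    # to check for the PKIX error; confirm against the Debezium docs for this
    # version, and confirm this image passes JAVA_OPTS to the worker JVM.
    JAVA_OPTS: -Djavax.net.debug=all
  volumes:
    # Certificate material; a read-only mount is enough if the container only
    # reads these files.
    - ./build/ssl_create/ssl:/certs
    - ./build/kafka-connector:/kafka/certificates
  # command: ["kafka-connect-start", ./build/kafka-connector/mongo-connector.properties]
  depends_on:
    - kafka
    - mongo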

I tried going through the code to understand where the SSL files are actually picked up from, but I couldn't find the details in ConnectionContext.java. If mongodb.ssl.enabled = true:

// Excerpt: applied only when useSSL is set (per the post, when
// mongodb.ssl.enabled = true).
if (useSSL) {
    // Turns TLS on in the driver settings and forwards the hostname flag.
    // Nothing in this excerpt sets a keystore, truststore or SSLContext.
    // If sslAllowInvalidHostnames is true, the server certificate's host name
    // is not verified, so it should stay false outside of testing.
    settings.applyToSslSettings(sslBuilder -> {
        sslBuilder.enabled(true);
        sslBuilder.invalidHostNameAllowed(sslAllowInvalidHostnames);
    });
}

We are trying to connect to MongoDB, but we are facing the following issue:

ERROR MongoDB|testmongo|rs0 Error while attempting to Setting resume token: Timed out after 30000 ms while waiting for a server that matches com.mongodb.client.internal.MongoClientDelegate$1@4a1491e8. Client view of cluster state is {type=REPLICA_SET, servers=[{address=rcx-mongo:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=mongors1n1:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=mongors2n1:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path 
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}] [io.debezium.connector.mongodb.connection.MongoDbConnection] connect_1 | com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting for a server that matches com.mongodb.client.internal.MongoClientDelegate$1@4a1491e8. Client view of cluster state is {type=REPLICA_SET, servers=[{address=rcx-mongo:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=mongors1n1:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}, {address=mongors2n1:27017, type=UNKNOWN, state=CONNECTING, 
exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}]
