Can't connect to Postgres on GCP, except through DataGrip

Hi,
I'm developing a Spring Boot application that needs to connect to a GCP hosted Postgres Database. The only program capable of connecting is JetBrains DataGrip.

The problem with this is that I won't know how to connect from a Java development program if I cannot even get my SQL client to work because SSL is so hard to work with.

DataGrip:
Reports the DB is Postgres 14.2. DataGrip used JDBC driver 42.3.3, JDBC4.2.
Authentication is User & Password
User: myuser-dev
Password: hidden
Database: mydatabase
URL: jdbc:postgresql://xx.xx.xx.xx:5432/myuser-dev
Connection type: default
SSH tunne:l is unchecked
Use SSL: is checked
CA file: postgres-server-ca.pem
Client certificate file: postgres-client-cert.pem
Client key file: postgres-client-key.pem
Mode: Require  (other choices are Verify-CA and Full Verification)

DBeaver:
Use SSL: is checked
CA certificate: postgres-server-ca.pem
Client Certificate: postgres-client-cert.pem
Client Private Key: postgres-client-key.pem
SSL mode: verify-ca (tried require)
Driver: postgresql-42.3.6

DBeaver gives me this irrating:
"unable to find valid certification path to requested target"
"SSL error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    unable to find valid certification path to requested target
    unable to find valid certification path to requested target"

Yes, I've tried copying the post gres-server-ca.pem file into the cacerts file in the JDK that DBeaver uses. It doesn't care. Nor do I think I should have to do anything like that. The idea that the SSL trust certificate signed by Google isn't a valid trusted cert is assinine. But I did it because someone is going to insist that's the problem. Btw, all the certs were generated by GCP. I have no idea what type these are. I just want to connect. I don't want to fight this thing.

Thanks for your help.
Ben