Issue
Perhaps I’ve missed something obvious but I can’t seem to get workers/clients to connect to my temporal-cloud namespace. Both workers and clients give the same error when they attempt to connect:
Error: Failed to connect before the deadline
at checkState (<project-dir>/node_modules/@grpc/grpc-js/src/client.ts:172:18)
at Timeout._onTimeout (<project-dir>/node_modules/@grpc/grpc-js/src/channel.ts:728:9)
at listOnTimeout (node:internal/timers:559:17)
at processTimers (node:internal/timers:502:7)
Certificate Info
The temporal-cloud namespace’s CA cert is:
- X.509v3 - (Version: 3 (0x2))
- It is the root CA cert
- Contains CA: true
- Is an internal-CA (not well known CA digicert etc…)
- sha256 (sha256WithRSAEncryption
)
The client cert used by workers/clients is:
- X.509v3 - (Version: 3 (0x2))
- Contains CA: false
- Key usage includes Digital Signature
- sha256 (sha256WithRSAEncryption
)
Connection Code Snippet
import { Connection, WorkflowClient } from "@temporalio/client";
import * as fs from "fs"
let clientCertificate = fs.readFileSync("leaf-cert.pem");
let clientKey = fs.readFileSync("leaf-cert.key");
let params={
address: '<namespace>.tmprl.cloud',
tls: {
clientCertPair: {
crt: clientCertificate,
key: clientKey,
},
},
connectTimeout:6000000
}
let client: any = Connection.connect(params)
.then((connection) => {
client = new WorkflowClient({
connection,
namespace:"<namespace>"
});
})
.catch(console.error);
Connection.connect(params)
fails and hits the .catch(console.error);