How to set TLS server for java sdk connection option

Community Support
,
1

Before I connect to my Temporal cluster, I need to connect to the TLS server to get certificate then I could connect to the Temporal cluster. In go language, I could do like below:

var connOptions client.ConnectionOptions
	if cfg.Temporal.TLSServer != "" {
		connOptions = client.ConnectionOptions{
			TLS: &tls.Config{
				ServerName: cfg.Temporal.TLSServer,
			},
		}
	}

c, err := client.NewClient(client.Options{
	HostPort:          cfg.Temporal.HostPort,
	Namespace:         cfg.Temporal.Namespace,
	ConnectionOptions: connOptions,
	})

But in java, i did not find way to do this.

Need help in urgent, thanks in advance!

2

I don’t think you need this setting in most cases. With Java SDK, the server name is set by netty from the target you specify, for example:

 WorkflowServiceStubs service =
    WorkflowServiceStubs.newServiceStubs(
        WorkflowServiceStubsOptions.newBuilder()
            .setSslContext(SimpleSslContextBuilder.forPKCS8(clientCert, clientKey).build())
            .setTarget(targetEndpoint)
            .build());

(see full sample here)

If you need to pass custom serverName to SSL that is indeed different than your target you are connecting to you could register a custom ChannelInitializer via ServiceStubsOptions.Builder#setChannelInitializer
it takes a builder for the gRPC channel, and then can call io.grpc.ManagedChannelBuilder.overrideAuthority on this builder:

ManagedChannelBuilder.forTarget("target").overrideAuthority("server").build();

See also here.

1 Like
3

Thanks for the reply! That’s very detail! I’ll try this.