TLS simple queries


I had some queries on tls-simple samples-server/tls/tls-simple at main · temporalio/samples-server · GitHub

  1. The docker-compose.yaml file contains services of temporal-admin-tools. Following are the env variables mentioned:

Are we saying that the CLI is a part of client and not that of cluster?
2. If so, the service definition of temporal contains following env variables:


Does this mean the CLI uses cluster certificates and not the client ones? Also, won’t ca.cert suffice for mTLS with CLI?
3. In temporal service, for authenticating client’s certificates, we give the Certificate authority which were used to sign them through following env variable:


How many such client certificates can be defined for a given temporal server? Do we just need to keep incrementing the client suffix number as the number of clients increases?


  1. These are same certs you would use in your client app. They are set for the admin-tools image in case you wanted to log into the container and run tctl from it (the sample does not assume you might have tctl running locally on your machine)
  2. Will check on this and get back to you. I believe these should actually be client certs as you mention.
  3. The docker config template supports only two.
1 Like