Hi,
I had some queries on tls-simple (samples-server/tls/tls-simple at main · temporalio/samples-server · GitHub):
1. The docker-compose.yaml file contains the temporal-admin-tools service. The following env variables are mentioned:
- "TEMPORAL_CLI_TLS_CERT=${TEMPORAL_TLS_CERTS_DIR}/client.pem"
- "TEMPORAL_CLI_TLS_KEY=${TEMPORAL_TLS_CERTS_DIR}/client.key"
Are we saying that the CLI is a part of the client and not of the cluster?
2. If so, the service definition of temporal contains the following env variables:
- "TEMPORAL_CLI_TLS_CA=${TEMPORAL_TLS_CERTS_DIR}/ca.cert"
- "TEMPORAL_CLI_TLS_CERT=${TEMPORAL_TLS_CERTS_DIR}/cluster.pem"
- "TEMPORAL_CLI_TLS_KEY=${TEMPORAL_TLS_CERTS_DIR}/cluster.key"
Does this mean the CLI uses cluster certificates and not the client ones? Also, won’t ca.cert suffice for mTLS with CLI?
3. In the temporal service, for authenticating clients' certificates, we give the certificate authority which was used to sign them through the following env variables:
- "TEMPORAL_TLS_CLIENT1_CA_CERT=${TEMPORAL_TLS_CERTS_DIR}/ca.cert"
- "TEMPORAL_TLS_CLIENT2_CA_CERT=${TEMPORAL_TLS_CERTS_DIR}/ca.cert"
How many such client certificates can be defined for a given temporal server? Do we just need to keep incrementing the client suffix number as the number of clients increases?
Regards,
Ruchir