Skip to content

SSL CA support for the Java SDK #1353

New issue
New issue
Closed
Closed
SSL CA support for the Java SDK#1353
Assignees
cicoyle
Labels
kind/bugSomething isn't working
Milestone
v1.15
@salaboy

Description

@salaboy
salaboy
opened on May 13, 2025

Expected Behavior

Similar to temporal we should be able to set the CA key and path:

 String clientKeyPath = getenv("TEMPORAL_MTLS_PRIVATE_KEY_PATH");
        String clientCertPath = getenv("TEMPORAL_MTLS_CERT_PATH");

        try {
            // Generate an SSL context
            InputStream clientCertInputStream = new FileInputStream(clientCertPath);
            InputStream clientKeyInputStream = new FileInputStream(clientKeyPath);
            SslContext sslContext = SimpleSslContextBuilder.forPKCS8(clientCertInputStream, clientKeyInputStream).build();

            // Set the Service Stub options (SSL context and gRPC endpoint)
            WorkflowServiceStubsOptions stubsOptions = WorkflowServiceStubsOptions
                .newBuilder()
                .setSslContext(sslContext)
                .setTarget(gRPCEndpoint)
                .build();

Example: https://github.com/temporalio/documentation/blob/main/sample-apps/java/client/cloudserver-client-sample/src/main/java/clientsample/YourCallerApp.java

Actual Behavior

If the app is behind a proxy with their own trust store the SDK needs to support setting the SSL context.

Steps to Reproduce the Problem

Release Note

RELEASE NOTE:

Metadata

Metadata

Assignees

Labels

kind/bugSomething isn't working

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions