Skip to main content

Interface: TLSConfig


TLS configuration options.



Optional clientCertPair: Object

Sets the client certificate and key for connecting with mTLS

Type declaration

crtBufferThe certificate for this client
keyBufferThe private key for this client


Optional serverNameOverride: string

Overrides the target name (SNI) used for TLS host name checking. If this attribute is not specified, the name used for TLS host name checking will be the host from ServerOptions.url. This can be useful when you have reverse proxy in front of temporal server, and you may want to override the SNI to direct traffic to the appropriate backend server based on custom routing rules. Oppositely, connections could be refused if the provided SNI does not match the expected host. Adding this override should be done with care.


Optional serverRootCACertificate: Buffer

Root CA certificate used by the server. If not set, and the server's cert is issued by someone the operating system trusts, verification will still work (ex: Cloud offering).