From 0da4d561668065d7514739b78d4b94db5f5149d1 Mon Sep 17 00:00:00 2001 From: Erica Sadun Date: Wed, 16 Oct 2024 09:36:56 -0600 Subject: [PATCH] EDU-3019: Clarifies confusion between pem and crt in Cloud Worker - Go, Java, Python, Typescript --- .../go/run_workers_with_cloud_go/index.md | 22 ++++++++++++------- .../java/run_workers_with_cloud_java/index.md | 20 +++++++++++------ .../run_workers_with_cloud_python/index.md | 20 +++++++++++------ .../index.md | 20 +++++++++++------ 4 files changed, 53 insertions(+), 29 deletions(-) diff --git a/docs/getting_started/go/run_workers_with_cloud_go/index.md b/docs/getting_started/go/run_workers_with_cloud_go/index.md index 8ff3ca70..1d5de596 100644 --- a/docs/getting_started/go/run_workers_with_cloud_go/index.md +++ b/docs/getting_started/go/run_workers_with_cloud_go/index.md @@ -40,10 +40,16 @@ They are required for configuring mutual Transport Layer Security (mTLS) protoco You have a few options to generate certificates. - Use existing certificate management infrastructure to generate certificates for your Namespace. -- Use Temporal's built-in certificate generation tool [tcld](https://docs.temporal.io/cloud/tcld). -- Use open-source tools like [certstrap](https://github.com/square/certstrap). +- Use Temporal's built-in certificate generation tool [`tcld`](https://docs.temporal.io/cloud/tcld) to create a `.pem` file containing the certificate. +- Use open-source tools like [Certstrap](https://github.com/square/certstrap) to generate a `crt` certificate file or `pem` cryptographic file to store your certificate in portable form. -The next step uses [certstrap](https://github.com/square/certstrap) to generate certificates. +:::info + +- A `.crt` certificate file may be encoded in either PEM (Base64) or DER (binary) format. +- A `.pem` file is a Base64 encoded format for certificates, private keys, and other cryptographic data. + It is structured with clear header and footer lines. + +::: **Create a Certificate Authority (CA)** @@ -206,7 +212,7 @@ Next, you will set the required environment variables. Before running your application, set the following environment variables with the appropriate values provided by your managed Temporal Cloud environment: -- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` file with your mTLS x509 Certificate. +- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` or `.crt` file with your mTLS x509 Certificate. - `TEMPORAL_MTLS_TLS_KEY`: The path to the file with your mTLS private key. - `TEMPORAL_HOST_URL`: The host URL of your managed Temporal Cloud environment. - `TEMPORAL_NAMESPACE`: The Namespace Name and Account Id associated with your Temporal Cloud environment. @@ -215,8 +221,8 @@ Before running your application, set the following environment variables with th ```bash -export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert.pem -export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key.pem +export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert-file.(pem|crt) +export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key-file.(pem|crt) export TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port export TEMPORAL_NAMESPACE=namespace.account-id ``` @@ -225,8 +231,8 @@ export TEMPORAL_NAMESPACE=namespace.account-id ```bash -set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert.pem -set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key.pem +set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert-file.(pem|crt) +set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key-file.(pem|crt) set TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port set TEMPORAL_NAMESPACE=namespace.account-id ``` diff --git a/docs/getting_started/java/run_workers_with_cloud_java/index.md b/docs/getting_started/java/run_workers_with_cloud_java/index.md index 5c25f632..8edd494f 100644 --- a/docs/getting_started/java/run_workers_with_cloud_java/index.md +++ b/docs/getting_started/java/run_workers_with_cloud_java/index.md @@ -41,9 +41,15 @@ You have a few options to generate certificates. - Use existing certificate management infrastructure to generate certificates for your Namespace. - Use Temporal's built-in certificate generation tool [tcld](https://docs.temporal.io/cloud/tcld). -- Use open-source tools like [certstrap](https://github.com/square/certstrap). +- Use open-source tools like [Certstrap](https://github.com/square/certstrap) to generate a `crt` certificate file or `pem` cryptographic file to store your certificate in portable form. -The next step uses [certstrap](https://github.com/square/certstrap) to generate certificates. +:::info + +- A `.crt` certificate file may be encoded in either PEM (Base64) or DER (binary) format. +- A `.pem` file is a Base64 encoded format for certificates, private keys, and other cryptographic data. + It is structured with clear header and footer lines. + +::: **Create a Certificate Authority (CA)** @@ -226,7 +232,7 @@ Next, you will set the required environment variables. Before running your application, set the following environment variables with the appropriate values provided by your managed Temporal Cloud environment: -- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` file with your mTLS x509 Certificate. +- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` or `.crt` file with your mTLS x509 Certificate. - `TEMPORAL_MTLS_TLS_KEY`: The path to the file with your mTLS private key. - `TEMPORAL_HOST_URL`: The host URL of your managed Temporal Cloud environment. - `TEMPORAL_NAMESPACE`: The Namespace Name and Account Id associated with your Temporal Cloud environment. @@ -235,8 +241,8 @@ Before running your application, set the following environment variables with th ```bash -export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert.pem -export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key.pem +export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert-file.(pem|crt) +export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key-file.(pem|crt) export TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port export TEMPORAL_NAMESPACE=namespace.account-id ``` @@ -245,8 +251,8 @@ export TEMPORAL_NAMESPACE=namespace.account-id ```bash -set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert.pem -set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key.pem +set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert-file.(pem|crt) +set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key-file.(pem|crt) set TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port set TEMPORAL_NAMESPACE=namespace.account-id ``` diff --git a/docs/getting_started/python/run_workers_with_cloud_python/index.md b/docs/getting_started/python/run_workers_with_cloud_python/index.md index dbc1226d..ee8287b0 100644 --- a/docs/getting_started/python/run_workers_with_cloud_python/index.md +++ b/docs/getting_started/python/run_workers_with_cloud_python/index.md @@ -41,9 +41,15 @@ You have a few options to generate certificates. - Use existing certificate management infrastructure to generate certificates for your Namespace. - Use Temporal's built-in certificate generation tool [tcld](https://docs.temporal.io/cloud/tcld). -- Use open-source tools like [certstrap](https://github.com/square/certstrap). +- Use open-source tools like [Certstrap](https://github.com/square/certstrap) to generate a `crt` certificate file or `pem` cryptographic file to store your certificate in portable form. -The next step uses [certstrap](https://github.com/square/certstrap) to generate certificates. +:::info + +- A `.crt` certificate file may be encoded in either PEM (Base64) or DER (binary) format. +- A `.pem` file is a Base64 encoded format for certificates, private keys, and other cryptographic data. + It is structured with clear header and footer lines. + +::: **Create a Certificate Authority (CA)** @@ -192,7 +198,7 @@ Next, you will set the required environment variables. Before running your application, set the following environment variables with the appropriate values provided by your managed Temporal Cloud environment: -- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` file with your mTLS x509 Certificate. +- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` or `.crt` file with your mTLS x509 Certificate. - `TEMPORAL_MTLS_TLS_KEY`: The path to the file with your mTLS private key. - `TEMPORAL_HOST_URL`: The host URL of your managed Temporal Cloud environment. - `TEMPORAL_NAMESPACE`: The Namespace Name and Account Id associated with your Temporal Cloud environment. @@ -201,8 +207,8 @@ Before running your application, set the following environment variables with th ```bash -export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert.pem -export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key.pem +export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert-file.(pem|crt) +export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key-file.(pem|crt) export TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port export TEMPORAL_NAMESPACE=namespace.account-id ``` @@ -211,8 +217,8 @@ export TEMPORAL_NAMESPACE=namespace.account-id ```bash -set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert.pem -set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key.pem +set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert-file.(pem|crt) +set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key-file.(pem|crt) set TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port set TEMPORAL_NAMESPACE=namespace.account-id ``` diff --git a/docs/getting_started/typescript/run_workers_with_cloud_typescript/index.md b/docs/getting_started/typescript/run_workers_with_cloud_typescript/index.md index e092f9b2..b73b3296 100644 --- a/docs/getting_started/typescript/run_workers_with_cloud_typescript/index.md +++ b/docs/getting_started/typescript/run_workers_with_cloud_typescript/index.md @@ -41,9 +41,15 @@ You have a few options to generate certificates. - Use existing certificate management infrastructure to generate certificates for your Namespace. - Use Temporal's built-in certificate generation tool [tcld](https://docs.temporal.io/cloud/tcld). -- Use open-source tools like [certstrap](https://github.com/square/certstrap). +- Use open-source tools like [Certstrap](https://github.com/square/certstrap) to generate a `crt` certificate file or `pem` cryptographic file to store your certificate in portable form. -The next step uses [certstrap](https://github.com/square/certstrap) to generate certificates. +:::info + +- A `.crt` certificate file may be encoded in either PEM (Base64) or DER (binary) format. +- A `.pem` file is a Base64 encoded format for certificates, private keys, and other cryptographic data. + It is structured with clear header and footer lines. + +::: **Create a Certificate Authority (CA)** @@ -197,7 +203,7 @@ Next, you will set the required environment variables. Before running your application, set the following environment variables with the appropriate values provided by your managed Temporal Cloud environment: -- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` file with your mTLS x509 Certificate. +- `TEMPORAL_MTLS_TLS_CERT`: The path to the `.pem` or `.crt` file with your mTLS x509 Certificate. - `TEMPORAL_MTLS_TLS_KEY`: The path to the file with your mTLS private key. - `TEMPORAL_HOST_URL`: The host URL of your managed Temporal Cloud environment. - `TEMPORAL_NAMESPACE`: The Namespace Name and Account Id associated with your Temporal Cloud environment. @@ -206,8 +212,8 @@ Before running your application, set the following environment variables with th ```bash -export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert.pem -export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key.pem +export TEMPORAL_MTLS_TLS_CERT=/path/to/tls/cert-file.(pem|crt) +export TEMPORAL_MTLS_TLS_KEY=/path/to/tls/key-file.(pem|crt) export TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port export TEMPORAL_NAMESPACE=namespace.account-id ``` @@ -216,8 +222,8 @@ export TEMPORAL_NAMESPACE=namespace.account-id ```bash -set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert.pem -set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key.pem +set TEMPORAL_MTLS_TLS_CERT=C:\path\to\tls\cert-file.(pem|crt) +set TEMPORAL_MTLS_TLS_KEY=C:\path\to\tls\key-file.(pem|crt) set TEMPORAL_HOST_URL=https://namespace.account-id.tmprl.cloud:port set TEMPORAL_NAMESPACE=namespace.account-id ```