[Feat]: Add support for custom SSL Certificates similar to FastAPI
dvmorris opened this issue · 0 comments
Is your feature request related to a problem? Please describe.
Enterprises that use SSL inspection tools like ZScaler can cause problems when deploying a2a agents that need to communicate across a corporate network. Errors like SSL: CERTIFICATE_VERIFY_FAILED are often encountered in situations like this.
The typical path to resolve an issue like this is to ask the corporate network administrator to disable network inspection on the specific network paths where the agent(s) are operating, or to bake the ZScaler Root CA cert into each container runtime.
Describe the solution you'd like
FastAPI provides the ability to provide custom SSL certs at server startup, as described in this article: https://medium.com/@mariovanrooij/adding-https-to-fastapi-ad5e0f9e084e
It would be helpful to have the a2a python implementation support a similar technique, so developers don't have to necessarily bake the ZScaler SSL cert into a specific location in their container run time.
Describe alternatives you've considered
Baking the cert into a specific location in the container depending on the OS, for example:
# Assuming your zscaler cert is in the same directory as your Dockerfile
# Copy the Zscaler root CA certificate into the container
COPY zscaler_root_ca.crt /usr/local/share/ca-certificates/zscaler_root_ca.crt
# Update the CA certificate store
RUN chmod 644 /usr/local/share/ca-certificates/zscaler_root_ca.crt && \
update-ca-certificates
Additional context
No response
Code of Conduct
- I agree to follow this project's Code of Conduct