# TlsDomainClient

The `TlsDomainClient` struct specifies information about how to connect
to a [TLS Domain](../../multiplexing.md#tls-domains).

It is a lua object with the following fields:

```lua
{
    -- The name of this specific domain.  Must be unique amongst
    -- all types of domain in the configuration file.
    name = "server.name",

    -- If set, use ssh to connect, start the server, and obtain
    -- a certificate.
    -- The value is "user@host:port", just like "wezterm ssh" accepts.
    bootstrap_via_ssh = "server.hostname",

    -- identifies the host:port pair of the remote server.
    remote_address = "server.hostname:8080",

    -- the path to an x509 PEM encoded private key file.
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_private_key = "/some/path/key.pem",

    -- the path to an x509 PEM encoded certificate file
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_cert = "/some/path/cert.pem",

    -- the path to an x509 PEM encoded CA chain file
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_ca = "/some/path/ca.pem",

    -- A set of paths to load additional CA certificates.
    -- Each entry can be either the path to a directory or to a PEM encoded
    -- CA file.  If an entry is a directory, then its contents will be
    -- loaded as CA certs and added to the trust store.
    -- Omit this if you are using `bootstrap_via_ssh`.
    -- pem_root_certs = { "/some/path/ca1.pem", "/some/path/ca2.pem" },

    -- explicitly control whether the client checks that the certificate
    -- presented by the server matches the hostname portion of
    -- `remote_address`.  The default is true.  This option is made
    -- available for troubleshooting purposes and should not be used outside
    -- of a controlled environment as it weakens the security of the TLS
    -- channel.
    -- accept_invalid_hostnames = false,

    -- the hostname string that we expect to match against the common name
    -- field in the certificate presented by the server.  This defaults to
    -- the hostname portion of the `remote_address` configuration and you
    -- should not normally need to override this value.
    -- expected_cn = "other.name",

    -- If true, connect to this domain automatically at startup
    -- connect_automatically = false,

    -- Specify an alternate read timeout
    -- read_timeout = 60,

    -- Specify an alternate write timeout
    -- write_timeout = 60,

    -- The path to the wezterm binary on the remote host
    -- remote_wezterm_path = "/home/myname/bin/wezterm"
}
```