Redis TLS Certificate Verification

Transport Layer Security (TLS) is required for all connections to the Redis server. You must verify the server's certificate to establish a secure TLS connection. If certificate verification fails with the error redis-cli certificate verify failed, you can perform one of the following options:

Option 1: Trust the Certificate Globally

Add the Redis server’s CA certificate to the system trust store.

Option 2: Provide the CA Certificate Directly to the Client

Use the --cacert option with redis-cli, specifying the path to the CA certificate that signed the Redis server’s certificate.

Note:

If your system trust store is up-to-date, --cacert is usually not required.
If you need the CA certificate, download it from Let's Encrypt certificates.

Option 3: Skip Certificate Verification

Use the --insecure option to bypass the certificate checks.

Warning: You may skip verification of certificates for troubleshooting purposes only. It is not recommended for production environments.

Additional checks

Ensure the certificate’s Common Name (CN) or Subject Alternative Name (SAN) matches the hostname you use to connect.
Keep your system trust store current to avoid outdated CA issues.

PreviousTroubleshooting NextFAQ

Last updated 22 days ago

Was this helpful?