Redis TLS Certificate Verification

Transport Layer Security (TLS) is required for all connections to the Redis server. You must verify the server's certificate to establish a secure TLS connection. If certificate verification fails with the error redis-cli certificate verify failed, you can perform one of the following options:

Option 1: Trust the Certificate Globally

Add the Redis server’s CA certificate to the system trust store.

Option 2: Provide the CA Certificate Directly to the Client

Use the --cacert option with redis-cli, specifying the path to the CA certificate that signed the Redis server’s certificate.

Note:

  • If your system trust store is up-to-date, --cacert is usually not required.

  • If you need the CA certificate, download it from Let's Encrypt certificates.

Option 3: Skip Certificate Verification

Use the --insecure option to bypass the certificate checks.

Additional checks

  • Ensure the certificate’s Common Name (CN) or Subject Alternative Name (SAN) matches the hostname you use to connect.

  • Keep your system trust store current to avoid outdated CA issues.

Last updated

Was this helpful?