Redis TLS Certificate Verification
Transport Layer Security (TLS) is required for all connections to the Redis server. You must verify the server's certificate to establish a secure TLS connection. If certificate verification fails with the error redis-cli certificate verify failed, you can perform one of the following options:
Option 1: Trust the Certificate Globally
Add the Redis server’s CA certificate to the system trust store.
Option 2: Provide the CA Certificate Directly to the Client
Use the --cacert option with redis-cli, specifying the path to the CA certificate that signed the Redis server’s certificate.
Note:
If your system trust store is up-to-date,
--cacertis usually not required.If you need the CA certificate, download it from Let's Encrypt certificates.
Option 3: Skip Certificate Verification
Use the --insecure option to bypass the certificate checks.
Warning: You may skip verification of certificates for troubleshooting purposes only. It is not recommended for production environments.
Additional checks
Ensure the certificate’s Common Name (CN) or Subject Alternative Name (SAN) matches the hostname you use to connect.
Keep your system trust store current to avoid outdated CA issues.
Last updated
Was this helpful?