Error: redis-cli certificate verify failed
Solution
What's Causing This Error
The error 'redis-cli certificate verify failed' occurs when Redis client (redis-cli) is unable to verify the SSL/TLS certificate provided by the Redis server. This error happens because either the certificate presented by the Redis server is not trusted or there might be an issue with the client configuration. When Redis client establishes a secure connection with the Redis server, it checks the certificate provided by the server against a list of trusted certificates stored on the client-side. If the certificate does not match the trusted list or if there is an issue with the client-side configuration, the client throws this error.
## Solution - Here's How To Resolve It
To resolve this error, you can follow these possible solutions:
### 1. Verify the Redis Server Certificate
Ensure that the Redis server has a valid SSL/TLS certificate issued by a recognized Certificate Authority (CA). Check the following:
- The certificate has not expired.
- The certificate's Common Name (CN) matches the hostname used in the connection.
- You can verify the certificate using the
opensslcommand:
```bash
openssl s_client -connect {REDIS_SERVER_HOSTNAME}:6379
```
### 2. Update Client Trust Store
If the certificate is valid but not trusted on your client machine, you may need to add it to the client's trust store:
```bash
certutil -addstore -f "ROOT" path_to_server_certificate.crt
```
This command adds the server's certificate to the trusted root certificates store.
### 3. Configure redis-cli for SSL Connections
To connect securely, configureredis-cliwith the necessary SSL options:
```bash
redis-cli --tls --cacert /path/to/ca.crt -h hostname -p port
```
This command specifies the CA certificate that redis-cli should trust.
### 4. Ensure Hostname Matches
Verify that the hostname in the SSL certificate matches the connection hostname. Mismatches between these can lead to verification failures.
### 5. Update System Trust Store
Keep your system's trust store updated with the latest CA certificates to ensure it can verify newly issued certificates:
```bash
update-ca-certificates
```
### 6. Disable Certificate Validation (Not Recommended)
For troubleshooting purposes only, you can disable certificate validation:
```bash
redis-cli --tls --insecure -h hostname -p port
```
Note: Disabling certificate validation is insecure and should not be used in production environments.
By following these steps, you should be able to resolve the 'redis-cli certificate verify failed' error and establish a secure connection between your Redis client and server.
Was this content helpful?
Other Common Redis Errors (with Solutions)
- could not connect to redis at 127.0.0.1:6379: connection refused
- redis error server closed the connection
- redis.exceptions.responseerror: value is not an integer or out of range
- redis.exceptions.responseerror moved
- redis.exceptions.responseerror noauth authentication required
- redis-server failed to start advanced key-value store
- spring boot redis unable to connect to localhost 6379
- unable to configure redis to keyspace notifications
- redis.clients.jedis.exceptions.jedismoveddataexception
- could not get resource from pool redis
- failed to restart redis service unit redis service not found
- job for redis-server.service failed because a timeout was exceeded
Free System Design on AWS E-Book
Download this early release of O'Reilly's latest cloud infrastructure e-book: System Design on AWS.
Switch & save up to 80%
Dragonfly is fully compatible with the Redis ecosystem and requires no code changes to implement. Instantly experience up to a 25X boost in performance and 80% reduction in cost