Dragonfly Cloud is now available on the AWS Marketplace - Learn More

Error: redis-cli certificate verify failed

What's Causing This Error

The error 'redis-cli certificate verify failed' occurs when Redis client (redis-cli) is unable to verify the SSL/TLS certificate provided by the Redis server. This error happens because either the certificate presented by the Redis server is not trusted or there might be an issue with the client configuration. When Redis client establishes a secure connection with the Redis server, it checks the certificate provided by the server against a list of trusted certificates stored on the client-side. If the certificate does not match the trusted list or if there is an issue with the client-side configuration, the client throws this error.

Solution - Here's How To Resolve It

To resolve this error, you can follow these possible solutions:

1. Verify the Redis Server Certificate

Ensure that the Redis server has a valid SSL/TLS certificate issued by a recognized Certificate Authority (CA). Check the following:

  • The certificate has not expired.
  • The certificate's Common Name (CN) matches the hostname used in the connection.
  • You can verify the certificate using the openssl command:
openssl s_client -connect {REDIS_SERVER_HOSTNAME}:6379

2. Update Client Trust Store

If the certificate is valid but not trusted on your client machine, you may need to add it to the client's trust store:

certutil -addstore -f "ROOT" path_to_server_certificate.crt

This command adds the server's certificate to the trusted root certificates store.

3. Configure redis-cli for SSL Connections

To connect securely, configure redis-cli with the necessary SSL options:

redis-cli --tls --cacert /path/to/ca.crt -h hostname -p port

This command specifies the CA certificate that redis-cli should trust.

4. Ensure Hostname Matches

Verify that the hostname in the SSL certificate matches the connection hostname. Mismatches between these can lead to verification failures.

5. Update System Trust Store

Keep your system's trust store updated with the latest CA certificates to ensure it can verify newly issued certificates:

update-ca-certificates

6. Disable Certificate Validation (Not Recommended)

For troubleshooting purposes only, you can disable certificate validation:

redis-cli --tls --insecure -h hostname -p port

Note: Disabling certificate validation is insecure and should not be used in production environments.

By following these steps, you should be able to resolve the 'redis-cli certificate verify failed' error and establish a secure connection between your Redis client and server.

Was this content helpful?

Switch & save up to 80% 

Dragonfly is fully compatible with the Redis ecosystem and requires no code changes to implement. Instantly experience up to a 25X boost in performance and 80% reduction in cost