Using Redis with TLS in
The can connect to Redis servers enabled with TLS. TLS is often required when using Redis as-a-service.
To indicate that the connection should be attempted with TLS, switch the protocol from redis to rediss as follows:
address: "rediss://127.0.0.1:6379"
- sslEnableEndpointIdentification: Set to true to require the client to validate the Redis server's hostname using the server's certificate. The Redis server's certificate must be present in the client's truststore. As this setting defaults to true, you must explicitly disable it when endpoint identification is not possible or required.
- sslTruststore: The location of the truststore file (.jks, .p12) that contains the Redis server public certificate. This is required when sslEnableEndpointIdentification is set to true.
- sslTruststorePassword: The password for the truststore.
Truststore files used with
Redis certificates are typically stored in the default truststore. provides a framework to automatically install certificates from Vault. See Managing certificates with Vault and Managing certificates manually for more details. Certificates can also be installed on Java's default truststore.
As the path to the truststore can vary depending on whether it runs on WebSphere Liberty or Classic (ts-app), the provides the ${WEBSPHERE_TRUSTSTORE_PATH} variable that will automatically locate the truststore. When using ${WEBSPHERE_TRUSTSTORE_PATH}, sslTruststorePassword does not need to be specified.
Sample configuration:

  singleServerConfig:
    ...
    address: "rediss://hcl-commerce-redis-master.redis.svc.cluster.local:6379"
    sslEnableEndpointIdentification: true
    sslTruststore: "${WEBSPHERE_TRUSTSTORE_PATH}"
    ...
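The following is an added example, not code from the product or from the original page: a small pre-deployment check that applies the rules described above to a configuration in the same layout. The host name redis.example.internal, the two sample configurations, and the function names parse_settings and audit are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the page), in the page's layout.
WEAK = """\
singleServerConfig:
  address: "redis://redis.example.internal:6379"
  sslEnableEndpointIdentification: false
"""
HARDENED = """\
singleServerConfig:
  address: "rediss://redis.example.internal:6379"
  sslEnableEndpointIdentification: true
  sslTruststore: "${WEBSPHERE_TRUSTSTORE_PATH}"
"""

def parse_settings(text):
    """Collect flat 'key: value' pairs; enough for this layout, not a YAML parser."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]\w*)\s*:\s*(.+?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means the TLS settings are consistent."""
    s = parse_settings(text)
    findings = []
    if not s.get("address", "").startswith("rediss://"):
        findings.append("address does not use rediss://, so TLS is not attempted")
    # The page states that endpoint identification defaults to true when unset.
    endpoint_id = s.get("sslEnableEndpointIdentification", "true").lower() == "true"
    if not endpoint_id:
        findings.append("sslEnableEndpointIdentification is false: hostname not validated")
    truststore = s.get("sslTruststore")
    if endpoint_id and not truststore:
        findings.append("sslTruststore is required when endpoint identification is on")
    # Assumption: an explicit truststore file needs a password; the page only says
    # the password can be omitted with ${WEBSPHERE_TRUSTSTORE_PATH}.
    if truststore and truststore != "${WEBSPHERE_TRUSTSTORE_PATH}" \
            and "sslTruststorePassword" not in s:
        findings.append("sslTruststorePassword not set for an explicit truststore file")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A configuration that omits sslEnableEndpointIdentification is treated as having it enabled, so a missing sslTruststore is still reported in that case.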