SSL Certificate Validation - Redis

Redis does not have built-in support for SSL. It is recommended that you use tunneling software, such as stunnel, to enable SSL for your Redis Server. Stunnel configuration involves specifying the port for accepting secure connections and the certificate to be used as the server certificate.

To enable SSL with the Redis SSL client, the certificate thumbprint must be added in the Archer Control Panel. Archer is qualified for the stunnel server. The stunnel server can be configured to do a full certificate validation including certificate chain validation, or a name-sake validation. For the server certificate, the Archer Control Panel does a strict validation of the certificate presented by the server as part of the handshake. For more information on using stunnel with Redis, see the documentation on the Redis website.

Verify that the certificate that is used with the stunnel server satisfies the following conditions:

  • The certificate chain is trusted by the Archer Control Panel and all Archer Services and Web servers. All intermediate authorities and the root authority must be trusted on all the servers.
  • The certificate is issued with the correct subject name. There cannot be any name mismatch or any other SSL policy errors.
  • The certificate must be valid and not expired.

You can test the server connection in the Archer Control Panel. For more information, see "Testing the Cache Connection" in the Archer Control Panel Help.
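The three certificate conditions listed above can be checked with the OpenSSL command line before the certificate is installed on the stunnel server. The script below is an added example, not part of the Archer or stunnel documentation. It assumes `openssl` is available on the machine doing the check, uses constructed host names and self-signed demo certificates, and assumes the thumbprint is the SHA-1 fingerprint written as hex without separators.

```shell
#!/bin/sh
# Added example: pre-flight checks on the certificate stunnel will present.
# File names and host names here are constructed for the demonstration.

# check_cert CERT CA_BUNDLE HOST
# Returns 0 if all conditions hold, 1 = expired, 2 = untrusted chain, 3 = name mismatch.
check_cert() {
    cert=$1; ca=$2; host=$3
    # Validity: -checkend 0 exits non-zero once notAfter has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired" >&2; return 1; }
    # Chain: CA_BUNDLE must hold the root and every intermediate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: chain not trusted" >&2; return 2; }
    # Name: matched against SAN DNS entries, or the CN when there are none.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "FAIL: name mismatch for $host" >&2; return 3; }
    return 0
}

# thumbprint CERT: SHA-1 fingerprint as 40 hex characters, no colons
# (assumed format; confirm what the Archer Control Panel field expects).
thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//; s/://g'
}

# make_demo_cert DIR NAME CN: constructed self-signed certificate, demo only.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_cert "$demo" redis redis.example.internal
make_demo_cert "$demo" other other.example.internal

# Passes: self-signed cert checked against itself as the trust anchor.
check_cert "$demo/redis.pem" "$demo/redis.pem" redis.example.internal &&
    echo "OK thumbprint=$(thumbprint "$demo/redis.pem")"
# Fails with 3: clients would connect using a name the cert does not carry.
check_cert "$demo/redis.pem" "$demo/redis.pem" cache.example.internal ||
    echo "rejected (rc=$?)"
# Fails with 2: the issuing chain is not in the trusted bundle.
check_cert "$demo/redis.pem" "$demo/other.pem" redis.example.internal ||
    echo "rejected (rc=$?)"
```

For a real deployment, pass the stunnel server certificate, a bundle holding the root and all intermediate authorities, and the host name that the Archer servers use to reach the stunnel endpoint.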