Error: redis-cli certificate verify failed

What's Causing This Error

The error 'redis-cli certificate verify failed' occurs when Redis client (redis-cli) is unable to verify the SSL/TLS certificate provided by the Redis server. This error happens because either the certificate presented by the Redis server is not trusted or there might be an issue with the client configuration. When Redis client establishes a secure connection with the Redis server, it checks the certificate provided by the server against a list of trusted certificates stored on the client-side. If the certificate does not match the trusted list or if there is an issue with the client-side configuration, the client throws this error.

Solution - Here's How To Resolve It

To resolve this error, you can follow these possible solutions:

  1. Verify the Redis server certificate: Check if the Redis server has a valid SSL/TLS certificate from a trusted Certificate Authority (CA). Ensure that the certificate has not expired, and its Common Name (CN) matches the hostname used to connect to the Redis server.
  2. Update client trust store: Add the Redis server's certificate to the client's trust store. This step ensures that Redis client trusts the certificate presented by the Redis server during SSL/TLS handshake. You can update the client's trust store by using the 'certutil' command-line tool.
  3. Disable certificate validation: If you do not wish to validate the Redis server's certificate, you can disable certificate validation in the Redis client configuration file. However, this approach is not recommended as it may expose your system to security threats.
  4. Use self-signed certificates: If the Redis server uses a self-signed certificate, you need to add the certificate to the client's trust store. Alternatively, you can create a root CA and use it to sign both the Redis server and client certificates. This approach will ensure that the Redis client trusts the Redis server certificate.

Was this content helpful?

Start building today

Dragonfly is fully compatible with the Redis ecosystem and requires no code changes to implement.