Configuring SSL

DCS Redis 6.0 instances support SSL encryption to ensure data transmission security. This function is not available for other instance versions. RESP (REdis Serialization Protocol), the communication protocol of Reids, only supports plaintext transmission in versions earlier than Redis 6.0.

Procedure

  1. Log in to the DCS console.

  2. Click image1 in the upper left corner of the management console and select the region where your instance is located.

  3. In the navigation pane, choose Cache Manager.

  4. On the Cache Manager page, click a DCS instance.

  5. In the navigation pane, choose SSL.

  6. Click image2 next to SSL Certificate to enable or disable SSL.

    Important

    • Enabling or disabling SSL will restart the instance and disconnect it for a few seconds. Wait until off-peak hours and ensure that your application can re-connect.

    • The restart cannot be undone. For single-node DCS instances and other instances where AOF persistence is disabled (appendonly is set to no), data will be cleared and ongoing backup tasks will be stopped. Exercise caution when performing this operation.

    • Enabling SSL will deteriorate read/write performance.

  7. Click Download Certificate to download the SSL certificate.

  8. Decompress the SSL certificate and upload the decompressed ca.crt file to the server where the Redis client is located.

  9. Add the path of the ca.crt file to the command for connecting to the instance. If you use redis-cli to connect to an instance, refer to Accessing a DCS Redis Instance Through redis-cli.