Help Center/ GeminiDB/ GeminiDB Redis API/ Working with GeminiDB Redis API/ Instance Connection and Management/ Connection Information Management/ Connecting a GeminiDB Redis Instance over SSL
Updated on 2025-01-24 GMT+08:00
View PDF
Share

Connecting a GeminiDB Redis Instance over SSL

GeminiDB Redis allows you to connect to a GeminiDB Redis instance through Redis-cli in SSL mode for data encryption and higher security. This section describes how to connect to a GeminiDB Redis instance using SSL.

Usage Notes

  • The target instance must be in the same VPC and subnet as the ECS.
  • The ECS must be in a security group that has access to the instances. For details, see Configuring Security Group Rules for a GeminiDB Redis Instance.
  • After the SSL connection is enabled, download the SSL certificate for your applications to access to the GeminiDB Redis instance.
  • If the SSL connection is used, ensure that the Redis client, for example, Redis-cli 6.x, supports SSL.

Prerequisites

An ECS has been created. The following uses a Linux ECS as an example. For details, see Purchasing an ECS in Getting Started with Elastic Cloud Server.

Procedure

  1. Log in to the ECS. For details, see Logging In to an ECS in Getting Started with Elastic Cloud Server.
  2. Obtain the Redis client.

    Method 1

    Run the following command to download the Redis client.

    wget https://download.redis.io/releases/redis-6.2.6.tar.gz

    Method 2

    Download the Redis client and upload the Redis client installation package to the ECS.

  3. Obtain the SSL certificate.

    Click the target instance name. On the Basic Information page, in the Connection Information area, click the download button in the SSL field to obtain the SSL certificate.

    Figure 1 Obtaining the SSL certificate

  4. Upload the SSL certificate to the ECS.
  5. Check the OpenSSL version supported by the ECS OS. 

    openssl version
    • The SSL function provided by GeminiDB Redis supports only TLS 1.3 or later.
    • The OpenSSL version in the ECS OS must be 1.1.1 or later so that redis-cli can support TLS 1.3 or later.
    • If the OS version is earlier than 1.1.1, perform the following steps to install OpenSSL: 
      wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz
tar -zxvf openssl-1.1.1m.tar.gz
cd openssl-1.1.1m/
./config --prefix=/usr/local/openssl-1.1.1m_install_dir
make
make install

      After OpenSSL is installed, go to 6.

    • If the OS is 1.1.1 or later, go to 6.

  6. Decompress the client package. 

    tar -xzf redis-6.2.6.tar.gz

  7. Open the src directory and connect to the DB instance.

    • If the required OpenSSL version has been installed by performing 5 and the version is earlier than 1.1.1, you can connect to the DB instance using the following method: 
      cd redis-6.2.6
make BUILD_TLS=yes OPENSSL_PREFIX=/usr/local/openssl-1.1.1m_install_dir
cd src
LD_PRELOAD=/usr/local/openssl-1.1.1m_install_dir/lib/libssl.so.1.1:/usr/local/openssl-1.1.1m_install_dir/lib/libcrypto.so.1.1 ./redis-cli -h <DB_HOST> -p <DB_PORT> -a <DB_PWD> --tls --cacert <CACERT_PATH>

      Example:

      LD_PRELOAD=/usr/local/openssl-1.1.1m_install_dir/lib/libssl.so.1.1:/usr/local/openssl-1.1.1m_install_dir/lib/libcrypto.so.1.1 ./redis-cli -h 192.168.0.208 -p 6379 -a <DB_PWD> --tls --cacert ./cacert.crt
    • If the OpenSSL version in the ECS OS is 1.1.1 or later, you can connect to the DB instance using the following method: 
      cd redis-6.2.6
make BUILD_TLS=yes
cd src
./redis-cli -h <DB_HOST> -p <DB_PORT> -a <DB_PWD> --tls --cacert <CACERT_PATH>

      Example:

      ./redis-cli -h 192.168.0.208 -p 6379 -a <DB_PWD> --tls --cacert ./cacert.crt
    Table 1 Parameter Description

    Parameter

    Description

    <DB_HOST>

    Private IP address of an instance to be connected.

    To obtain this IP address, go to the Instances page, locate the instance, and click its name. The IP address can be found in the Private IP Address field under Node Information on the Basic Information page.

    If the instance you purchased has multiple nodes, select the private IP address of any node.

    <DB_PORT>

    Port for accessing the target instance. Configure this parameter based on service requirements.

    To obtain the port number, perform the following steps:

    On the Instances page, locate the instance and click its name. On the Basic Information page, in the Network Information area, view the database port.

    <DB_PWD>

    Administrator password set when you buy a GeminiDB Redis instance

    <CACERT_PATH>

    SSL certificate path

  8. Check the results. If information similar to the following is displayed, the connection is successful. 

    IP:port>

Parent Topic: Connection Information Management