Updated on 2024-10-17 GMT+08:00

Transmitting DCS Redis Data with Encryption Using SSL

Single-node, master/standby, and Redis Cluster basic edition DCS Redis 6.0 instances support SSL encryption to secure data in transit. This function is not available for other instance versions. RESP (Redis Serialization Protocol), the communication protocol of Redis, supports only plaintext transmission in versions earlier than Redis 6.0.

SSL and client IP pass-through cannot be enabled at the same time, because encrypted links do not carry client IPs.

Enabling or Disabling SSL

  1. Log in to the DCS console.
  2. Click in the upper left corner of the management console and select the region where your instance is located.
  3. In the navigation pane, choose Cache Manager.
  4. On the Cache Manager page, click a DCS instance.
  5. In the navigation pane, choose SSL.
  6. Click next to SSL Certificate to enable or disable SSL.

    • Enabling or disabling SSL will restart the instance and disconnect it for a few seconds. Perform this operation during off-peak hours and ensure that your application can reconnect.
    • The restart cannot be undone. For single-node DCS instances and other instances where AOF persistence is disabled (appendonly is set to no), data will be cleared and ongoing backup tasks will be stopped. Exercise caution when performing this operation.
    • Enabling SSL degrades read/write performance.

  7. Click Download Certificate to download the SSL certificate.
  8. Decompress the SSL certificate and upload the decompressed ca.crt file to the server where the Redis client is located.
  9. Add the path of the ca.crt file to the command for connecting to the instance. For example, to access an instance on redis-cli, see Connecting to Redis on redis-cli.
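
The following script is an added example, not part of the DCS documentation. It checks the uploaded ca.crt from step 8 and then sends PING over TLS with redis-cli's `--tls` and `--cacert` options (step 9), retrying to cover the restart that follows toggling SSL. The host, port, file paths, function names and the `REDIS_CLI` override variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the DCS documentation. Host, port and paths are placeholders.
# Assumes redis-cli 6.0+ built with TLS support; REDIS_CLI (hypothetical) overrides the binary.
REDIS_CLI="${REDIS_CLI:-redis-cli}"

# Step 8 check: ca.crt must be readable and hold complete PEM certificate blocks.
check_ca_file() {
    ca_file="$1"
    [ -r "$ca_file" ] || { echo "cannot read CA file: $ca_file" >&2; return 1; }
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$ca_file" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$ca_file" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "not a complete PEM certificate: $ca_file" >&2
        return 1
    fi
}

# Step 9 check: PING over TLS, with the server certificate verified against ca.crt.
# Retries cover the few seconds of disconnection after SSL is enabled or disabled.
# If the instance has a password, export REDISCLI_AUTH rather than passing -a,
# so the password does not show up in the process list or shell history.
wait_for_tls() {
    host="$1"; port="$2"; ca_file="$3"; attempts="${4:-10}"; delay="${5:-2}"
    check_ca_file "$ca_file" || return 1
    i=1
    while [ "$i" -le "$attempts" ]; do
        reply=$("$REDIS_CLI" -h "$host" -p "$port" --tls --cacert "$ca_file" PING 2>/dev/null) || reply=""
        if [ "$reply" = "PONG" ]; then
            echo "ok after $i attempt(s)"
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    echo "no TLS PONG from $host:$port after $attempts attempts" >&2
    return 2
}

# Usage: sh check_dcs_tls.sh <host> <port> <path/to/ca.crt> [attempts] [delay_seconds]
if [ "$#" -ge 3 ]; then
    wait_for_tls "$@"
fi
```

A non-zero exit status means the CA file was rejected (1) or no PONG arrived over TLS within the retry budget (2).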