Transmitting DCS Redis Data with Encryption Using SSL

Notes and Constraints

• Either SSL or client IP pass-through can be enabled. When SSL is enabled, data is encrypted without carrying client IP addresses.
• Enabling SSL will deteriorate read/write performance.
• Enabling or disabling SSL will restart the instance and disconnect it for a few seconds. Wait until off-peak hours and ensure that your application can re-connect.
• The restart cannot be undone. For single-node DCS instances and other instances where AOF persistence is disabled ("appendonly" is set to "no"), data will be cleared and ongoing backup tasks will be stopped. Exercise caution when performing this operation.

Enabling or Disabling SSL

1. Log in to the DCS console.
2. Click in the upper left corner of the console and select the region where your instance is located.
3. In the navigation pane, choose Cache Manager.
4. On the Cache Manager page, click a DCS instance.
5. In the navigation pane, choose SSL.
6. Click next to SSL Certificate to enable or disable SSL.
7. Click Download Certificate to download the SSL certificate.
8. Decompress the SSL certificate and upload the decompressed ca.crt file to the server where the Redis client is located. To upload it to an ECS, see File Upload/Data Transfer.
9. Add the path of the ca.crt file to the command for connecting to the instance. For example, to access an instance on redis-cli, see Connecting to Redis on redis-cli.

Related Documents

To configure SSL by calling an API, see:

• Enabling or Disabling SSL
• Querying SSL Encryption of an Instance
• Downloading the SSL Certificate of an Instance