GCP Memorystore Redis access with TLS

Hello,

I had a Memorystore Redis instance set up with auth and was able to connect to it perfectly with redispy from a VM, with redis-cli, and from a RedisInsight deployed in GKE.

I have now recreated the instance but with TLS encryption, and I am failing to connect from all three. I have tried using the server-ca and self-signed certs but have not found success. I am a bit lost here; I don't know if I am approaching this correctly or if I missed something, so I would greatly appreciate it if someone could share some guidance on how to connect when TLS is enabled.

 

Thanks

Accepted solution:

Connecting to a Google Cloud Memorystore for Redis instance with TLS encryption requires a few additional steps and configurations compared to a non-TLS setup:

Prerequisites:

  • TLS Certificates: Make sure you have the Server CA Certificate. You can find this in the Google Cloud console after enabling TLS.

Connecting to Your TLS-Enabled Redis Instance:

1. Using redis-cli

  • Download Certificates: Get the server CA certificate from your Google Cloud console.

  • Command Line:

     
    redis-cli --tls --cacert <path-to-server-ca> -h <redis-host> -p <redis-port> -a <your-password> 
    
    • Replace <path-to-server-ca>, <redis-host>, <redis-port>, and <your-password> with the correct values for your instance.
    • Important: The --auth option is not valid. Use -a for password authentication.

2. Using RedisPy (Python)

  • Python Code:

     
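    import redis

    # Placeholders: replace host, port, password and CA path with your instance's values.
    redis_client = redis.StrictRedis(
        host='your-redis-host',
        port=6378,  # placeholder; use your instance's port (must be an integer)
        password='your-password',
        ssl=True,  # connect over TLS
        ssl_ca_certs='path/to/server-ca.crt',  # server CA certificate for the instance
    )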
    
    • Remember to replace the placeholders with your correct information.

3. Using RedisInsight

  • Certificate Upload: During connection setup in RedisInsight, upload your server CA certificate.
  • TLS Options: In the RedisInsight UI, enable TLS-related settings for your connection.

Troubleshooting Tips:

  • Firewall Rules: Check that your firewall allows traffic on the Redis port.
  • Certificate Paths: Double-check that the certificate paths in your code or commands are accurate.
  • Error Messages: If you encounter errors, read the messages carefully for clues.

Additional Notes:

  • Client-specific instructions may have slight variations. Make sure you have TLS-compatible versions of redis-cli, redis-py, and RedisInsight.
  • Google Cloud Memorystore for Redis doesn't use mutual TLS (client authentication). You don't need client certificates and keys.
  • For the latest information, always consult the official Google Cloud Memorystore for Redis documentation.
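
An added diagnostic example, not part of the original answer: a standard-library probe that attempts a verified TLS handshake against the instance and sorts the failure into the categories the troubleshooting tips describe (CA file path, certificate trust, network). The function names `probe` and `classify` and the category labels are assumptions made for this example.

```python
import socket
import ssl
import sys


def classify(stage, exc):
    """Map a failure at a given stage to a short troubleshooting category."""
    if stage == "load_ca":
        return "ca_file"            # wrong path, or file is not a PEM certificate
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "mismatch" in str(exc).lower():
            return "name_mismatch"  # cert chains to the CA but not for this host/IP
        return "untrusted_cert"     # the CA file did not sign this server's cert
    if isinstance(exc, ssl.SSLError):
        return "tls_handshake"      # e.g. the port is not speaking TLS
    if isinstance(exc, OSError):
        return "network"            # timeout, refused, no route: check firewall/port
    return "unknown"


def probe(host, port, ca_path, timeout=5.0):
    """Try a verified TLS handshake; return (category, detail)."""
    try:
        # Trust only the server CA file, as redis-cli --cacert does.
        ctx = ssl.create_default_context(cafile=ca_path)
    except OSError as exc:          # ssl.SSLError is a subclass of OSError
        return classify("load_ca", exc), str(exc)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.version()
    except Exception as exc:
        return classify("connect", exc), str(exc)


if __name__ == "__main__":
    # Usage: python probe.py <redis-host> <redis-port> <path-to-server-ca>
    host, port, ca = sys.argv[1:4]
    print(probe(host, int(port), ca))
```

A result of `ok` means the CA file and network path are fine, so a remaining failure in redis-cli or redis-py points at the password or client TLS options rather than the certificate.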
