This topic describes how to enable Secure Socket Layer (SSL) encryption to enhance security during data transmission. It also describes how to change the version of Transport Layer Security (TLS) based on business requirements.
Prerequisites
- Redis 2.8 standard master-replica instances
Note You cannot change the TLS version for Redis 2.8 standard master-replica instances.
- Redis 2.8 cluster instances
- Redis 4.0 cluster instances
- Redis 5.0 cluster instances
Note SSL encryption may increase the network latency of instances. We recommend that you
enable this feature only when required.
Enable SSL encryption
Change the TLS version
Update the SSL certificate validity
You can update the validity period of your certificate in the ApsaraDB for Redis console. The validity period is extended for one year from the date of the update.
Warning If you update the validity period of an SSL certificate, the instance is restarted.
During the restart process, the instance is disconnected for a few seconds. We recommend
that you update the certificate during off-peak hours and make sure that your application
supports automatic reconnection.
Download the CA certificate
- Log on to the ApsaraDB for Redis console.
- On the top of the page, select the region where the instance is deployed.
- On the Instances page, click the Instance ID of the instance.
- In the left-side navigation pane, click SSL Settings.
- On the SSL Settings page, click Download SSL Certificate.
FAQ
What can I do if the error message "version not supported" appears?
You can upgrade the minor version of the instance. For more information, see Upgrade the minor version.
Related operations
API | Description |
---|---|
ModifyInstanceSSL | Enables or disables the SSL encryption of an ApsaraDB for Redis instance. |