Configure SSL encryption for an ApsaraDB for Redis instance

Usage notes

• SSL encryption may increase the network latency of instances. We recommend that you enable this feature only when required. For example, you can enable SSL encryption if you connect to an ApsaraDB for Redis instance over the Internet.
• After you enable SSL encryption for an instance, both SSL and non-SSL connections are supported.

Procedure

1. Log on to the ApsaraDB for Redis console.
2. In the top navigation bar of the page, select the region where the instance is deployed.
3. On the Instances page, click the ID of the instance.
4. Perform one of the following operations.

   

   Operation	Description
   Enable or disable SSL encryption	Turn on or off SSL Certificate.
   Modify the earliest TLS version supported by the instance	Click SSL next to Minimum TLS version, select a TLS version from the drop-down list, and then click Save. The default value is TLSv1. Note If the Minimum TLS version drop-down list is unavailable, you must update your instance to the latest minor version. For more information, see Upgrade the minor version. This operation is not supported if you use a Redis 2.8 instance of the standard architecture.
   Update the CA certificate	Click Update Validity in the upper-right corner of the page, and then click OK. Warning If you update the validity period of a CA certificate, the instance is restarted. During the restart process, the instance experiences transient connections for a few seconds. We recommend that you update the certificate during off-peak hours and make sure that your application supports automatic reconnection.
   Download the CA certificate	In the upper-right corner of the page, click Download SSL Certificate.

FAQ

What can I do if the error message "version not supported" appears?

You must update your instance to the latest minor version. For more information, see Upgrade the minor version.

Related operations