TLS Support for Redis
Until the last release, Redis was supported without any security protocol. Now, you can enable the security protocol by using any of the following methods:
Connecting to Redis through user credentials
To secure Redis through user credentials, you must set the adminRedisUsername, adminRedisDatabase, adminRedisClientname, and adminRedisPassword properties in the $OM_HOME/roles/configurator/standalone/config/application.properties and $OM_HOME/roles/authorization-service/standalone/config/application.properties files.
Update the catalogRedisUsername, catalogRedisPassword, catalogRedisDatabase, and catalogRedisClientName properties in the $OM_HOME/seed-data/app-properties/ConfigValues_AopdService.json, $OM_HOME/seed-data/app-properties/ConfigValues_OrchService.json, $OM_HOME/seed-data/app-properties/ConfigValues_CatalogService.json, and $OM_HOME/seed-data/app-properties/ConfigValues_Jeopardy.json files.
Also update the orderRedisUsername, orderRedisPassword, orderRedisDatabase, and orderRedisClientName properties in the $OM_HOME/seed-data/app-properties/ConfigValues_OrchService.json, $OM_HOME/seed-data/app-properties/ConfigValues_Migration.json, and $OM_HOME/seed-data/app-properties/ConfigValues_DataService.json files.
Using OpenSSL or TLS
Redis 6.x and later versions support OpenSSL or TLS. To use OpenSSL or TLS, you must generate security certificates. To secure Redis by using OpenSSL or TLS, you must set the following properties in the $OM_HOME/roles/configurator/standalone/config/application.properties and $OM_HOME/roles/authorization-service/standalone/config/application.properties files and in the files in $OM_HOME/seed-data/app-properties:
Property Name | Value |
---|---|
redisSslEnabled | true |
redisKeyStoreType | pkcs12 |
redisKeyStoreAbsoluteFilePath | Key store absolute file path |
redisKeyStorePassword | Password |
redisTrustStoreType | jks |
redisTrustStoreAbsoluteFilePath | Trust store absolute file path |
redisTrustStorePassword | Password |

For the redisKeyStoreType and redisTrustStoreType properties, only pkcs12 and jks are supported, respectively. As of now, no other values are supported.
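
A preflight check for the TLS properties in the table above, added here as an illustration and not part of the product: it confirms that each property is set, that the store types are the supported ones, and that each store file's leading bytes match its declared type. The function names, the key=value layout of application.properties, the case-insensitive type comparison, and the sample file names and password are assumptions made for the example.

```python
import tempfile
from pathlib import Path

STORES = {  # from the table: type property -> (path property, password property, supported type)
    "redisKeyStoreType": ("redisKeyStoreAbsoluteFilePath", "redisKeyStorePassword", "pkcs12"),
    "redisTrustStoreType": ("redisTrustStoreAbsoluteFilePath", "redisTrustStorePassword", "jks"),
}

def parse_properties(text):
    """Parse key=value lines (assumed file layout); skip comment lines."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def store_format(path):
    """Identify the on-disk store format from its leading bytes."""
    head = Path(path).read_bytes()[:4]
    if head == b"\xfe\xed\xfe\xed":          # JKS magic number
        return "jks"
    return "pkcs12" if head[:1] == b"\x30" else "unknown"  # PKCS#12 is a DER SEQUENCE

def check_redis_tls(props):
    """Return findings; an empty list means the TLS settings are consistent."""
    findings = []
    if props.get("redisSslEnabled", "").lower() != "true":
        findings.append("redisSslEnabled is not true")
    for type_key, (path_key, pw_key, supported) in STORES.items():
        declared, path = props.get(type_key, ""), Path(props.get(path_key, ""))
        if declared.lower() != supported:    # case-insensitive match is an assumption
            findings.append(f"{type_key} must be {supported}, found {declared!r}")
        if not props.get(pw_key):
            findings.append(f"{pw_key} is empty")
        if not path.is_absolute():
            findings.append(f"{path_key} is not an absolute path")
        elif not path.is_file():
            findings.append(f"{path_key} does not exist")
        elif store_format(path) != supported:
            findings.append(f"{path_key} is {store_format(path)} on disk, not {supported}")
    return findings

def demo():
    """Constructed case: truststore declared jks but holding PKCS#12 (DER) bytes."""
    d = Path(tempfile.mkdtemp())
    ks, ts = d / "client.p12", d / "trust.jks"
    for p in (ks, ts):
        p.write_bytes(b"\x30\x82\x0a\x00")   # constructed DER SEQUENCE header
    text = (f"redisSslEnabled=true\nredisKeyStoreType=pkcs12\nredisTrustStoreType=jks\n"
            f"redisKeyStoreAbsoluteFilePath={ks}\nredisKeyStorePassword=changeit\n"
            f"redisTrustStoreAbsoluteFilePath={ts}\nredisTrustStorePassword=changeit\n")
    return check_redis_tls(parse_properties(text))
```

A mismatch like the constructed one is easy to produce because keytool in JDK 9 and later writes PKCS12 stores by default unless -storetype is given.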