TLS Support for Redis

Until the last release, Redis was supported without any security protocol. Now, you can enable the security protocol by using any of the following methods:

Connecting to Redis through user credentials

To secure Redis through user credentials, you must set the adminRedisUsername, adminRedisDatabase, adminRedisClientname, and adminRedisPassword properties in the $OM_HOME/roles/configurator/standalone/config/application.properties and $OM_ HOME/roles/authorization-service/standalone/config/application.properties files.

Update catalogRedisUsername, catalogRedisPassword, catalogRedisDatabase, and catalogRedisClientName properties in $OM_HOME/seed-data/app-properties/ConfigValues_AopdService.json, $OM_HOME/seed-data/app-properties/ConfigValues_OrchService.json, $OM_HOME/seed-data/app-properties/ConfigValues_CatalogService.json, and $OM_HOM/seed-data/app-properties/ConfigValues_Jeopardy.json files.

Also update orderRedisUsername, orderRedisPassword, orderRedisDatabase, and orderRedisClientName properties in $OM_HOME/seed-data/app-properties/ConfigValues_OrchService.json, $OM_HOME/seed-data/app-properties/ConfigValues_Migration.json, and $OM_HOME/seed-data/app-properties/ConfigValues_DataService.json files.

Using OpenSSL or TLS

Redis 6.x or later versions support OpenSSL or TLS. For using OpenSSL or TLS, security certificates are required to be generated. To secure Redis by using OpenSSL or TLS, you must set the following properties in the $OM_HOME/roles/configurator/standalone/config/application.properties and $OM_HOME/roles/authorization-service/standalone/config/application.properties files and files from $OM_HOME/seed-data/app-properties:

Property Name Value
redisSslEnabled true
redisKeyStoreType pkcs12
redisKeyStoreAbsoluteFilePath Key store absolute file path
redisKeyStorePassword Password
redisTrustStoreType jks
redisTrustStoreAbsoluteFilePath Trust store absolute file path
redisTrustStorePassword Password
Note: For redisKeyStoreType and redisTrustStoreType properties, only pkcs12 and jks are supported respectively. As of now, no other values are supported.