Follow these instructions to create your own certificates to install on your Redis Enterprise cluster. Note that you can install a separate certificate per cluster component.

  1. Create a private key:

    openssl genrsa -out <key-file-name>.pem 2048
    
  2. Create a certificate signing request:

    openssl req -new -key <key-file-name>.pem -out <key-file-name>.csr
    
    Note:

    You will be prompted for a Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit, and Common Name.

    • You will need to check with your security team or certificate authority for the right values for your organization.

    • The database’s fully qualified domain name (FQDN) is typically used as the common name for the certificate.

  3. Sign the private key using your certificate authority.

    How to obtain a CA signed certificate is different for each organization and CA vendor. Consult your security team or certificate authority for the appropriate way to sign a certificate.

  4. Upload the certificate to the cluster.

    To upload the new certificate and replace the current certificate with the rladmin command-line utility, run the cluster certificate set command:

    rladmin cluster certificate set <cert-name> \
        certificate_file <cert-file-name>.pem \
        key_file <key-file-name>.pem
    

    Replace the following variables with your own values:

    • <cert-name> - The name of the certificate to update. See the certificates table for the list of valid certificate names.
    • <cert-file-name> - The certificate filename
    • <key-file-name> - The key filename