SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate

[Paweł Eljasz]

Hi guys.

I'm trying to set up my Redis with TLS and I used easy-rsa for the that.

I have Redis starts happy and free from errors and warnings in log with certificates but when I connect with:

-> $ redis-cli --tls --cert /etc/pki/easy-rsa/pki/issued/c8kubernode2.private.wel.crt --key /etc/pki/easy-rsa/pki/private/c8kubernode2.private.wel.key --cacert /etc/pki/easy-rsa/pki/ca.crt  
Could not connect to Redis at 127.0.0.1:6379: SSL_connect failed: certificate verify failed

and in server log:

240013:M 02 Mar 2021 03:17:29.385 # Error accepting a client connection: error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate

Also 'redis-cli' with no TLS and server with:

tls-auth-clients optional (or 'no')

results in failure.

I'm on CentOS with redis-6.0.9

I'll be grateful for any suggestions or thoughts on how to troubleshoot it.

many thanks, P.

[Vikram Moule]

Hi Pawel,

Can you share how did you create the certs with easy-rsa?

Regards,

Vikram

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.