I am able to connect to Redis via

    redis-cli --tls --cert ~/cert/test/redis.example.com.chain.pem --key ~/cert/test/redis.example.com.key -h [redis-endpoint] -p 6379

and

    auth username password

And I'm trying to write Java code using Lettuce (ver 6.0.x), but I'm not able to connect.
Here are the steps I tried:
- creating key

    openssl req -new -newkey rsa:2048 -sha256 -keyout redis.example.com.key.pem -subj "/"
    openssl rsa -in redis.example.com.key.pem -out redis.example.com.key

- I was able to connect to Redis cluster via Redis-cli command line

    redis-cli --tls --cert ~/cert/test/redis.example.com.chain.pem --key ~/cert/test/redis.example.com.key -h redis.example.com.key.com -p 6375
    auth username password

- creating Key store

    openssl pkcs12 -export -in redis.example.com.chain.pem -inkey redis.example.com.key.pem -out keystore.p12

- creating trust store

    keytool -importcert -file root_ca.pem -destkeystore root-ca.truststore.p12 -storetype pkcs12 -alias root-ca
    keytool -importcert -file corporate_root_ca.pem -destkeystore root-ca.truststore.p12 -storetype pkcs12 -alias cm-root-ca

- Java code

    RedisURI redisUri = RedisURI.Builder.redis(enterpriseConfig.getEndpoint())
            .withSsl(true)
            .withAuthentication(userName, password)
            .withPort(port)
            .build();

    ClusterTopologyRefreshOptions topologyRefreshOptions = ClusterTopologyRefreshOptions.builder()
            .enablePeriodicRefresh()
            .enableAllAdaptiveRefreshTriggers()
            .refreshTriggersReconnectAttempts(3)
            .build();

    RedisClusterClient cluster = RedisClusterClient.create(redisUri);

    ClusterClientOptions clientOptions = ClusterClientOptions.builder()
            .topologyRefreshOptions(topologyRefreshOptions)
            .autoReconnect(true)
            .sslOptions(buildSslOptions())
            .build();
    cluster.setOptions(clientOptions);

    System.out.println("connecting ... ");
    return cluster.connect();

- buildSslOptions()

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import java.util.Map;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.TrustManagerFactory;
    import io.lettuce.core.SslOptions;

    private static SslOptions buildSslOptions() throws KeyStoreException, IOException, CertificateException,
            NoSuchAlgorithmException, UnrecoverableKeyException {
        Map<String, String> clientCert = ConfigLoader.getConfiguration().getClientCert();
        if (clientCert != null) {
            // Resolve the store paths relative to the configured base directory.
            String baseDir = clientCert.get(CERT_BASE_DIR);
            String slash = "/";
            if (baseDir.lastIndexOf("/") == baseDir.length() - 1) {
                slash = "";
            }
            String keystore = baseDir + slash + clientCert.get(KEY_STORE);
            String keystoreType = clientCert.get(KEY_STORE_TYPE);
            String keystorePassword = clientCert.get(KEY_STORE_PASSWORD);
            String truststore = baseDir + slash + clientCert.get(TRUST_STORE);
            String truststoreType = clientCert.get(TRUST_STORE_TYPE);
            String truststorePassword = clientCert.get(TRUST_STORE_PASSWORD);

            // Client certificate and private key (closed after loading).
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            try (InputStream keyStoreFile = new FileInputStream(keystore)) {
                keyStore.load(keyStoreFile, keystorePassword.toCharArray());
            }

            // CA certificates used to verify the server.
            KeyStore trustStore = KeyStore.getInstance(truststoreType);
            try (InputStream trustStoreFile = new FileInputStream(truststore)) {
                trustStore.load(trustStoreFile, truststorePassword.toCharArray());
            }

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keystorePassword.toCharArray());

            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            return SslOptions.builder()
                    .keyManager(keyManagerFactory)
                    .trustManager(trustManagerFactory)
                    .build();
        } else {
            return null;
        }
    }

The errors I got:

    connecting ...
    Exception in thread "main" com.google.common.util.concurrent.UncheckedExecutionException: io.lettuce.core.RedisConnectionException: Unable to establish a connection to Redis Cluster
    ...
    Caused by: io.lettuce.core.cluster.topology.DefaultClusterTopologyRefresh$CannotRetrieveClusterPartitions: Cannot retrieve cluster partitions from [rediss://[username_masked]:*****************@[redis_url]:6379]
    ...
    Details:
        [rediss://[username_masked]:*****************@[redis_url]:6379]: ERR command is not allowed
        Suppressed: io.lettuce.core.RedisCommandExecutionException: ERR command is not allowed

What did I miss?
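
Added example (not part of the original post, and not Lettuce project code): the trace above fails inside cluster topology refresh with a server error reply (`RedisCommandExecutionException`), so one way to narrow it down is to run the same key store and trust store through a plain standalone `RedisClient` and send `PING`. The class name and environment variable names are assumptions; the store file names are the ones created in the steps above and are assumed to be in the working directory.

```java
import io.lettuce.core.ClientOptions;
import io.lettuce.core.RedisClient;
import io.lettuce.core.RedisURI;
import io.lettuce.core.SslOptions;
import io.lettuce.core.api.StatefulRedisConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class StandaloneTlsCheck {
    // Load a PKCS12 store such as keystore.p12 or root-ca.truststore.p12.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        // Assumed environment variables; secrets are kept off the command line.
        String host = System.getenv("REDIS_HOST");
        int port = Integer.parseInt(System.getenv("REDIS_PORT"));
        char[] keyPass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] trustPass = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("keystore.p12", keyPass), keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("root-ca.truststore.p12", trustPass));

        RedisURI uri = RedisURI.Builder.redis(host, port)
                .withSsl(true) // peer verification stays enabled (the default)
                .withAuthentication(System.getenv("REDIS_USER"), System.getenv("REDIS_PASSWORD"))
                .build();
        RedisClient client = RedisClient.create(uri);
        client.setOptions(ClientOptions.builder()
                .sslOptions(SslOptions.builder().keyManager(kmf).trustManager(tmf).build())
                .build());
        try (StatefulRedisConnection<String, String> conn = client.connect()) {
            // A reply here means the TLS handshake and AUTH both succeeded from Java.
            System.out.println("PING -> " + conn.sync().ping());
        } finally {
            client.shutdown();
        }
    }
}
```

If `PING` returns `PONG`, the certificates and credentials work from Java, and the remaining difference from the failing code is the cluster topology discovery done by `RedisClusterClient`.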