Make it easier to use user certificate files by mgravell · Pull Request #2873 · StackExchange/StackExchange.Redis (original) (raw)

Historically, certs only worked with PFX files, which made it a pain to work with the cert pairs typically downloaded from hosts like Redis Ltd; however, on more recent .NET versions PEM is fully available. Here, we:

• add new methods on ConfigurationOptions (akin to the existing TrustIssuer method) to configure certificates from files
• support PEM in the ambient setup

There are no tests added here, due to the inherent problems of CI talking to such servers; however:

var options = ConfigurationOptions.Parse("redis-redacted.redislabs.com:4242"); // port also redacted options.TrustIssuer(@"C:\Code\RedisKeys\redis_ca.pem"); options.SetUserPemCertificate(@"C:\Code\RedisKeys\redis-redacted.crt", @"C:\Code\RedisKeys\redis-redacted.key"); using var conn = await ConnectionMultiplexer.ConnectAsync(options); for (int i = 0; i < 10; i++) { var ttl = await conn.GetDatabase().PingAsync(); Console.WriteLine(ttl); }

works with the files downloaded from my hosted Redis Ltd endpoint:

To @philon-msft : open question: can we check Azure Redis with similar?

^^^ update: Philo assures me that Azure Redis doesn't have any relevant client-cert scenarios to consider