
I get the error below when trying to connect to a Redis cluster with the Go client "github.com/go-redis/redis/v9". I can connect successfully with redis-cli and with Python using an mTLS client certificate, but the connection fails from Go. Can anyone help me with this issue?

server redis_version:6.2.6 

remote error: tls: unknown certificate authority

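// RedisCluster builds a go-redis cluster client that authenticates with a
// password and a TLS client certificate (mTLS).
//
// Cluster addresses are read from the mounted config map; the CA bundle,
// client certificate, client key and password are read from /etc/secret.
// Any failure to load or parse one of these inputs is returned as an error
// instead of producing a client with an incomplete TLS configuration.
//
// RootCAs only governs how this client verifies the server's certificate.
// It has no effect on whether the server accepts the client certificate.
// A TLS alert that Go reports with the prefix "remote error" was sent by the
// peer, so for "unknown certificate authority" check that the CA which issued
// the client certificate is in the server's trusted CA set, and that the
// client certificate file carries any intermediate certificates after the
// leaf (tls.LoadX509KeyPair sends every certificate found in that file).
func RedisCluster() (*redis.ClusterClient, error) {
	const (
		clusterConfigPath = "/etc/config/redisClusterConfig.json"
		caCertPath        = "/etc/secret/resolver-redis-ca-cert"
		passwordPath      = "/etc/secret/resolver-redis-cluster-password"
		clientCertPath    = "/etc/secret/resolver-redis-client-cert"
		clientKeyPath     = "/etc/secret/resolver-redis-client-key"
	)

	var rediscluster redisCluster

	// Start from the system trust store when it is available; fall back to an
	// empty pool so the private CA below is still the only extra trust anchor.
	rootCAs, err := x509.SystemCertPool()
	if err != nil || rootCAs == nil {
		rootCAs = x509.NewCertPool()
	}

	// Read the redis cluster information.
	redisConfig, err := configmap.Load(clusterConfigPath)
	if err != nil {
		return nil, fmt.Errorf("loading %s: %w", clusterConfigPath, err)
	}
	if err := json.Unmarshal([]byte(redisConfig["redisClusterConfig.json"]), &rediscluster); err != nil {
		return nil, fmt.Errorf("parsing %s: %w", clusterConfigPath, err)
	}

	// Read the CA bundle used to verify the server certificate.
	rootcacert, err := ioutil.ReadFile(caCertPath)
	if err != nil {
		return nil, fmt.Errorf("reading %s: %w", caCertPath, err)
	}
	// AppendCertsFromPEM reports false when it parsed no certificate at all
	// (wrong file, DER instead of PEM, truncated secret). Ignoring that would
	// leave the pool without the private CA and surface later as an opaque
	// handshake failure.
	if !rootCAs.AppendCertsFromPEM(rootcacert) {
		return nil, fmt.Errorf("no PEM certificates found in %s", caCertPath)
	}

	redisClusterPassword, err := configmap.Load(passwordPath) // returns map[string]string
	if err != nil {
		return nil, fmt.Errorf("loading %s: %w", passwordPath, err)
	}

	// Read the client certificate and key pair presented to the server.
	// Never print the returned value: it holds the private key.
	clientKeyPair, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath)
	if err != nil {
		return nil, fmt.Errorf("loading client key pair: %w", err)
	}

	redisOpts := redis.ClusterOptions{
		Addrs: rediscluster.Addrs,
		TLSConfig: &tls.Config{
			// Pin the floor explicitly rather than relying on the toolchain default.
			MinVersion:   tls.VersionTLS12,
			RootCAs:      rootCAs,
			Certificates: []tls.Certificate{clientKeyPair},
		},
		// Username: rediscluster.Username,
		Password: redisClusterPassword["resolver-redis-cluster-password"],
	}
	return redis.NewClusterClient(&redisOpts), nil
}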

I am using self-signed certificates on the server, and rootcacert consists of the certificate chain.

Error log:

redis: 2022/09/26 15:36:37 cluster.go:1580: getting command info: remote error: tls: unknown certificate authority
redis: 2022/09/26 15:36:38 cluster.go:1580: getting command info: remote error: tls: unknown certificate authority

Nitesh Bv