{
  "id": "certificates",
  "title": "Certificates",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/security/certificates/",
  "summary": "An overview of certificates in Redis Enterprise Software.",
  "content": "\nRedis Enterprise Software uses self-signed certificates by default to ensure that the product is secure. These certificates are autogenerated on the first node of each Redis Enterprise Software installation and are copied to all other nodes added to the cluster.\n\nYou can replace a self-signed certificate with one signed by a certificate authority of your choice.\n\n## Supported certificates\n\nHere's the list of supported certificates that create secure, encrypted connections to your Redis Enterprise Software cluster:\n\n| Certificate name | Autogenerated | Description |\n|------------------|:---------------:|-------------|\n| `api` | \u003cspan title=\"Yes\"\u003e\u0026#x2705;\u003c/span\u003e | Encrypts [REST API]() requests and responses. |\n| `cm` | \u003cspan title=\"Yes\"\u003e\u0026#x2705;\u003c/span\u003e | Secures connections to the Redis Enterprise Cluster Manager UI. |\n| `ldap_client` | \u003cspan title=\"No\"\u003e:x:\u003c/span\u003e | Secures connections between LDAP clients and LDAP servers. |\n| `metrics_exporter` | \u003cspan title=\"Yes\"\u003e\u0026#x2705;\u003c/span\u003e | Sends Redis Enterprise metrics to external [monitoring tools]() over a secure connection. |\n| `mtls_trusted_ca` | \u003cspan title=\"No\"\u003e:x:\u003c/span\u003e  | Required to enable certificate-based authentication for secure, passwordless access to the REST API. |\n| `proxy` | \u003cspan title=\"Yes\"\u003e\u0026#x2705;\u003c/span\u003e | Creates secure, encrypted connections between clients and databases. |\n| `syncer` | \u003cspan title=\"Yes\"\u003e\u0026#x2705;\u003c/span\u003e | For [Active-Active]() or [Replica Of]() databases, encrypts data during the synchronization of participating clusters. |\n\nCertificates that are not autogenerated are optional unless you want to use certain features. For example, you must provide your own `ldap_client` certificate to enable [LDAP authentication]() or an `mtls_trusted_ca` certificate to enable certificate-based authentication.\n\n## Accept self-signed certificates to access the Cluster Manager UI\n\nWhen you use the default self-signed certificates and you connect to the Cluster Manager UI over a web browser, you'll see an untrusted connection notification. Depending on your browser, you can allow the connection for each session or add an exception to trust the certificate for all future sessions.\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "children": [{"id":"create-certificates","summary":"Create self-signed certificates to install on a Redis Enterprise cluster.","title":"Create certificates","url":"https://redis.io/docs/latest/operate/rs/7.8/security/certificates/create-certificates/"},{"id":"monitor-certificates","summary":"Monitor certificates on a Redis Enterprise cluster.","title":"Monitor certificates","url":"https://redis.io/docs/latest/operate/rs/7.8/security/certificates/monitor-certificates/"},{"id":"updating-certificates","summary":"Update certificates in a Redis Enterprise cluster.","title":"Update certificates","url":"https://redis.io/docs/latest/operate/rs/7.8/security/certificates/updating-certificates/"},{"id":"ocsp-stapling","summary":"Use OCSP stapling to verify certificates maintained by a third-party CA and authenticate connection attempts between clients and servers.","title":"Enable OCSP stapling","url":"https://redis.io/docs/latest/operate/rs/7.8/security/certificates/ocsp-stapling/"},{"id":"certificate-based-authentication","summary":"Certificate-based authentication allows secure, passwordless access to the REST API and databases.","title":"Certificate-based authentication","url":"https://redis.io/docs/latest/operate/rs/7.8/security/certificates/certificate-based-authentication/"}]
}