Incorrect SSL certificate for redis cache with private endpoint configuration

David Noriega 41 Reputation points
2022-01-18T19:27:21.473+00:00

The SSL certificate used by the Redis service does not include *.privatelink.redis.cache.windows.net as a subject alternative name. Instead it has .redis.cache.windows.net configured twice.

Azure Cache for Redis
An Azure service that provides access to a secure, dedicated Redis cache, managed by Microsoft.
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

Accepted answer
  1. ShrutiPathak-MSFT 81 Reputation points Microsoft Employee
    2022-02-03T20:43:52.94+00:00

    As documented here: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration, {cachename}.redis.cache.windows.net is a canonical name to {cachename}.privatelink.redis.cache.windows.net and it is recommended to use {cachename}.redis.cache.windows.net in all client applications/connection strings. We will update our documentation with this recommendation. Please note that the private DNS zone that is created in your subscription is vital for TLS communication and should not be removed.

    1 person found this answer helpful.

1 additional answer

  1. Oury Ba-MSFT 17,786 Reputation points Microsoft Employee
    2022-02-01T17:59:22.233+00:00

    Hi @David Noriega, thank you for being patient while working on this issue.
    Could you please try using the *.redis.cache.windows.net hostname rather than *.privatelink.redis.cache.windows.net? Let us know if that works.
    We will also update documentation to be more clear.

    Regards,
    Oury
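
The hostname check behind both answers, as an added example that is not part of the original posts or Microsoft's code: a TLS client accepts a wildcard SAN only as the whole leftmost label, and it covers exactly one label. The SAN list and the cache name `mycache` are constructed sample values, assuming the certificate carries `*.redis.cache.windows.net`.

```python
"""Why a *.redis.cache.windows.net certificate fails for the privatelink name."""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """Match one dNSName SAN entry against the hostname the client dialed.

    Uses the common TLS client rule (RFC 6125, section 6.4.3): "*" is honoured
    only as the complete leftmost label and stands for exactly one label.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # a wildcard never spans several labels
    if pat[0] == "*":
        # The wildcard label must be non-empty; the remaining labels match exactly.
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat  # no wildcard: exact match on every label


def verifiable_names(candidates, sans):
    """Return the candidate hostnames that would pass certificate verification."""
    return [h for h in candidates if any(san_matches(h, s) for s in sans)]


# Constructed sample data (assumption: wildcard SAN as discussed in the thread).
SANS = ["*.redis.cache.windows.net"]
PUBLIC = "mycache.redis.cache.windows.net"
PRIVATE = "mycache.privatelink.redis.cache.windows.net"

if __name__ == "__main__":
    for name in (PUBLIC, PRIVATE):
        ok = any(san_matches(name, s) for s in SANS)
        print(f"{name}: {'verifies' if ok else 'hostname mismatch'}")
```

Clients should therefore keep the `{cachename}.redis.cache.windows.net` name in the connection string and let the private DNS zone resolve it to the private endpoint, rather than disabling certificate verification.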