Herkou Redis - certificate verify failed (self signed certificate in certificate chain)

Question

I have been using heroku redis for a while now on one of my side projects. I currently use it for 3 things

1. It serves as a place for me to store firebase certificates
2. It is used for caching data on the site
3. It is used for rails sidekiq jobs

Recently, my heroku usage went up and I had to change it to use heroku redis premium plan. Ever since then I have been getting error: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) somehow. Everything stayed the same yet the error started popping out of nowhere.

Does heroku-redis premium plan work fundamentally different than a basic heroku-redis plan?

I am using ruby on rails, deployed on heroku with heroku redis if that helps.

Answer 1

According to Heroku's docs

You need to

Create an initializer file named config/initializers/redis.rb containing:

$redis = Redis.new(url: ENV["REDIS_URL"], ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE })

Also if you are having this issue while attempting to use sidekiq:

Create an initializer file named config/initializers/sidekiq.rb containing:

Sidekiq.configure_server do |config|
  config.redis = { ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }
end

Sidekiq.configure_client do |config|
  config.redis = { ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE } }
end

Answer 2

Actually, when you install the Heroku Redis on your heroku app, it will create for you 2 Config Vars : REDIS_TLS_URL and REDIS_URL.

The docs are actually incorrect, you have to set SSL to verify_none because TLS happens automatically.

From Heroku support:

"Our data infrastructure uses self-signed certificates so certificates can be cycled regularly... you need to set the verify_mode configuration variable to OpenSSL::SSL::VERIFY_NONE"