deleted java keystore type of creds support

application/src/main/resources/thingsboard.yml

@@ -643,32 +643,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool

common/cache/src/main/java/org/thingsboard/server/cache/RedisKeystoreCredentialsConfig.java

@@ -1,36 +0,0 @@
-/**
- * Copyright © 2016-2024 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.cache;
-
-import lombok.Data;
-
-@Data
-public class RedisKeystoreCredentialsConfig {
-
-    private String type;
-
-    private String truststoreType;
-
-    private String truststoreLocation;
-
-    private String truststorePassword;
-
-    private String keystoreType;
-
-    private String keystoreLocation;
-
-    private String keystorePassword;
-}

common/cache/src/main/java/org/thingsboard/server/cache/RedisPemCredentialsConfig.java

@@ -1,28 +0,0 @@
-/**
- * Copyright © 2016-2024 The Thingsboard Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.thingsboard.server.cache;
-
-import lombok.Data;
-
-@Data
-public class RedisPemCredentialsConfig {
-
-    private String certFile;
-
-    private String userCertFile;
-
-    private String userKeyFile;
-}

common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentials.java

@@ -22,12 +22,11 @@ import org.springframework.context.annotation.Configuration;
 @Configuration
 @ConfigurationProperties(prefix = "redis.ssl.credentials")
 @Data
-public class RedisSslCredentialsConfiguration {
+public class RedisSslCredentials {
 
-    private String type;
+    private String certFile;
 
-    private RedisKeystoreCredentialsConfig keystore;
-
-    private RedisPemCredentialsConfig pem;
+    private String userCertFile;
 
+    private String userKeyFile;
 }

common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java

@@ -42,11 +42,14 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
-import java.io.FileInputStream;
+import java.io.IOException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.CertPath;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
@@ -100,13 +103,16 @@ public abstract class TBRedisCacheConfiguration {
     @Value("${redis.pool_config.blockWhenExhausted:true}")
     private boolean blockWhenExhausted;
 
+    @Value("${redis.ssl.enabled:false}")
+    private boolean sslEnabled;
+
     @Bean
     public RedisConnectionFactory redisConnectionFactory() {
         return loadFactory();
     }
 
     @Autowired
-    private RedisSslCredentialsConfiguration redisSslCredentials;
+    private RedisSslCredentials redisSslCredentials;
 
     protected abstract JedisConnectionFactory loadFactory();
 
@@ -176,57 +182,35 @@ public abstract class TBRedisCacheConfiguration {
             sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
             return sslContext.getSocketFactory();
         } catch (Exception e) {
-            throw new RuntimeException(e);
+            throw new RuntimeException("Creating TLS factory failed!", e);
         }
     }
 
     private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception {
-        String type = redisSslCredentials.getType();
-        if ("pem".equals(type)) {
-            RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem();
-            List<X509Certificate> caCerts = SslUtil.readCertFileByPath(pemCredentials.getCertFile());
-
+            List<X509Certificate> caCerts = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile());
             KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
             caKeyStore.load(null, null);
             for (X509Certificate caCert : caCerts) {
                 caKeyStore.setCertificateEntry("redis-caCert-cert-" + caCert.getSubjectX500Principal().getName(), caCert);
             }
 
-            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             trustManagerFactory.init(caKeyStore);
             return trustManagerFactory;
-        } else if ("keystore".equals(type)) {
-            RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore();
-            KeyStore trustStore = KeyStore.getInstance(keystore.getKeystoreType());
-            trustStore.load(new FileInputStream(keystore.getTruststoreLocation()), keystore.getTruststorePassword().toCharArray());
-
-            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
-            trustManagerFactory.init(trustStore);
-            return trustManagerFactory;
-        } else {
-            throw new RuntimeException(type + ": Invalid SSL credentials configuration. None of the PEM or KEYSTORE configurations can be used!");
-        }
     }
 
     private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception {
-        String type = redisSslCredentials.getType();
-        if ("pem".equals(type)) {
-            RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem();
-            return getKeyManagerFactory(pemCredentials);
-        } else if ("keystore".equals(type)) {
-            RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore();
-            return getKeyManagerFactory(keystore);
-        } else {
-            throw new RuntimeException(type + ": Invalid SSL credentials configuration. None of the PEM or KEYSTORE configurations can be used!");
-        }
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        kmf.init(loadKeyStore(), null);
+        return kmf;
     }
 
-    private KeyManagerFactory getKeyManagerFactory(RedisPemCredentialsConfig pemCredentials) throws Exception {
-        if (pemCredentials.getUserCertFile().isBlank() || pemCredentials.getUserKeyFile().isBlank()) {
+    private KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
+        if (redisSslCredentials.getUserCertFile().isBlank() || redisSslCredentials.getUserKeyFile().isBlank()) {
             return null;
         }
-        List<X509Certificate> certificates = SslUtil.readCertFileByPath(pemCredentials.getCertFile());
-        PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(pemCredentials.getUserKeyFile(), null);
+        List<X509Certificate> certificates = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile());
+        PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(redisSslCredentials.getUserKeyFile(), null);
 
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
         keyStore.load(null);
@@ -242,21 +226,6 @@ public abstract class TBRedisCacheConfiguration {
             Certificate[] x509Certificates = path.toArray(new Certificate[0]);
             keyStore.setKeyEntry("redis-private-key", privateKey, null, x509Certificates);
         }
-
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
-        kmf.init(keyStore, null);
-        return kmf;
-    }
-
-    private KeyManagerFactory getKeyManagerFactory(RedisKeystoreCredentialsConfig keystore) throws Exception {
-        if (keystore.getKeystoreLocation().isBlank() || keystore.getKeystoreLocation().isBlank()) {
-            return null;
-        }
-        KeyStore keyStore = KeyStore.getInstance(keystore.getKeystoreType());
-        keyStore.load(new FileInputStream(keystore.getKeystoreLocation()), keystore.getKeystorePassword().toCharArray());
-
-        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
-        kmf.init(keyStore, keystore.getKeystorePassword().toCharArray());
-        return kmf;
+        return keyStore;
     }
 }

common/util/src/main/java/org/thingsboard/common/util/SslUtil.java

@@ -129,4 +129,5 @@ public class SslUtil {
         }
         return privateKey;
     }
+
 }

msa/black-box-tests/README.md

@@ -22,6 +22,10 @@ As result, in REPOSITORY column, next images should be present:
 
         mvn clean install -DblackBoxTests.skip=false
 
+- Run the black box tests (without ui tests) in the [msa/black-box-tests](../black-box-tests) directory with Redis standalone with TLS:
+
+        mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisSsl=true
+
 - Run the black box tests in the [msa/black-box-tests](../black-box-tests) directory with Redis cluster:
 
         mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisCluster=true

transport/coap/src/main/resources/tb-coap-transport.yml

@@ -97,32 +97,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool

transport/http/src/main/resources/tb-http-transport.yml

@@ -130,32 +130,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool

transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml

@@ -97,32 +97,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool

transport/mqtt/src/main/resources/tb-mqtt-transport.yml

@@ -98,32 +98,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool

transport/snmp/src/main/resources/tb-snmp-transport.yml

@@ -97,32 +97,14 @@ redis:
   ssl:
     # Enable/disable secure connection
     enabled: "${TB_REDIS_SSL_ENABLED:false}"
-    # Server SSL credentials
+    # Server SSL credentials (only PEM format is supported)
     credentials:
-      # Server credentials type (pem - pem certificate file; keystore - java keystore)
-      type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}"
-      # PEM server credentials
-      pem:
-        # Path redis server (CA) certificate
-        cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
-        # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
-        user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
-        # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured.
-        user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
-      # Keystore server credentials
-      keystore:
-        # Type of the trust store (JKS or PKCS12)
-        truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the trust store file
-        truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
-        # The password of trust store file if specified
-        truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
-        # Type of the key store (JKS or PKCS12)
-        keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
-        # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
-        keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
-        # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format
-        keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
+      # Path redis server (CA) certificate
+      cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
+      # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
+      user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
+      # Path to user private key file. This is optional for the client and only needed if ‘user_cert_file’ is configured.
+      user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
   # pool config
   pool_config:
     # Maximum number of connections that can be allocated by the connection pool