如何设置redis以在mac上使用SSL

您能帮我在本地计算机上设置使用SSL的redis吗？我做过一次，效果很好，过了一段时间，当我尝试连接时，我得到了这个错误：

redis-cli --tls --cacert /usr/local/share/ca-certificates/ca.crt
Could not connect to Redis at 127.0.0.1:6379: SSL_connect failed: certificate verify failed

我关注这篇文章https://godfrey-tutu.medium.com/redis-6-deployment-with-tls-authentication-on-centos-7-8b6e34d11cd0我执行了以下命令：

sudo -s  // need to be able to run all next commands   

mkdir /tmp/certs && cd /tmp/certs
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha256 -key ca.key -days 365 -subj '/O=A/CN=127.0.0.1' -out ca.crt
openssl genrsa -out redis.key 2048
mkdir /etc/ssl/private
openssl req -new -sha256 -nodes -key redis.key -subj '/O=A/CN=127.0.0.1' | openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAserial /etc/ssl/private/ca.txt -CAcreateserial -days 365 -out redis.crt

mkdir /usr/local/share/ca-certificates
cp ca.crt /usr/local/share/ca-certificates/
cp ca.key /etc/ssl/private/
cp redis.key /etc/ssl/private/
cp redis.crt /etc/ssl/
chown andrey /usr/local/share/ca-certificates/ca.crt
chmod 644 /usr/local/share/ca-certificates/ca.crt
chown andrey /etc/ssl/private/ca.key
chmod 400 /etc/ssl/private/ca.key
chown andrey /etc/ssl/private/redis.key
chmod 400 /etc/ssl/private/redis.key
chown andrey /etc/ssl/redis.crt
chmod 644 /etc/ssl/redis.crt

这是我的redis配置文件

port 0
tls-port 6379
# Configure a X.509 certificate and private key to use for authenticating the
# server to connected clients, masters or cluster peers.  These files should be
# PEM formatted.
#
tls-cert-file /etc/ssl/redis.crt
tls-key-file /etc/ssl/private/redis.key
# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
#
# tls-dh-params-file redis.dh
# Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL
# clients and peers.  Redis requires an explicit configuration of at least one
# of these, and will not implicitly use the system wide configuration.
#
tls-ca-cert-file /usr/local/share/ca-certificates/ca.crt
# tls-ca-cert-dir /etc/ssl/certs
# By default, clients (including replica servers) on a TLS port are required
# to authenticate using valid client side certificates.
#
# If "no" is specified, client certificates are not required and not accepted.
# If "optional" is specified, client certificates are accepted and must be
# valid if provided, but are not required.
#
tls-auth-clients no
# tls-auth-clients optional
# By default, a Redis replica does not attempt to establish a TLS connection
# with its master.
#
# Use the following directive to enable TLS on replication links.
#
# tls-replication yes
# By default, the Redis Cluster bus uses a plain TCP connection. To enable
# TLS for the bus protocol, use the following directive:
#
# tls-cluster yes
# Explicitly specify TLS versions to support. Allowed values are case insensitive
# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
# any combination. To enable only TLSv1.2 and TLSv1.3, use:
#
tls-protocols "TLSv1.2 TLSv1.3"
# Configure allowed ciphers.  See the ciphers(1ssl) manpage for more information
# about the syntax of this string.
#
# Note: this configuration applies only to <= TLSv1.2.
#
# tls-ciphers DEFAULT:!MEDIUM
# Configure allowed TLSv1.3 ciphersuites.  See the ciphers(1ssl) manpage for more
# information about the syntax of this string, and specifically for TLSv1.3
# ciphersuites.
#
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
# When choosing a cipher, use the server's preference instead of the client
# preference. By default, the server follows the client's preference.
#
tls-prefer-server-ciphers no
# By default, TLS session caching is enabled to allow faster and less expensive
# reconnections by clients that support it. Use the following directive to disable
# caching.
#
# tls-session-caching no
# Change the default number of TLS sessions cached. A zero value sets the cache
# to unlimited size. The default size is 20480.
#
# tls-session-cache-size 5000
# Change the default timeout of cached TLS sessions. The default timeout is 300
# seconds.
#
# tls-session-cache-timeout 60

所以这几天效果很好我尝试再次重新创建证书，但这对没有帮助

我做错了什么？