diff --git a/core/src/main/java/google/registry/cache/CacheModule.java b/core/src/main/java/google/registry/cache/CacheModule.java
index d43c64e7413..0b618867604 100644
--- a/core/src/main/java/google/registry/cache/CacheModule.java
+++ b/core/src/main/java/google/registry/cache/CacheModule.java
@@ -60,12 +60,15 @@ public final class CacheModule {
   public static Optional<UnifiedJedis> provideJedis(
       @ApplicationDefaultCredential GoogleCredentialsBundle credentialsBundle,
       @Config("valkeyHostsAndPorts") Optional<ImmutableList<String>> valkeyHostsAndPorts,
-      @Config("valkeySslSocketFactory") SSLSocketFactory valkeySslSocketFactory) {
-    if (valkeyHostsAndPorts.map(ImmutableList::isEmpty).orElse(true)) {
+      @Config("valkeyCertificateAuthority") Optional<String> valkeyCertificateAuthority) {
+    if (valkeyHostsAndPorts.map(ImmutableList::isEmpty).orElse(true)
+        || valkeyCertificateAuthority.isEmpty()) {
       return Optional.empty();
     }
     ImmutableSet<HostAndPort> hostsAndPorts =
         valkeyHostsAndPorts.get().stream().map(HostAndPort::from).collect(toImmutableSet());
+    SSLSocketFactory valkeySslSocketFactory =
+        createValkeySslSocketFactory(valkeyCertificateAuthority.get());
     JedisClientConfig clientConfig =
         DefaultJedisClientConfig.builder()
             .ssl(true)
@@ -111,11 +114,7 @@ public static HostCache provideHostCache(
     return new MultilayerHostCache(jedisClient.get(), cacheMetrics);
   }
 
-  @Provides
-  @Singleton
-  @Config("valkeySslSocketFactory")
-  static SSLSocketFactory provideValkeySslSocketFactory(
-      @Config("valkeyCertificateAuthority") String valkeyCertificateAuthority) {
+  private static SSLSocketFactory createValkeySslSocketFactory(String valkeyCertificateAuthority) {
     try {
       ImmutableList<X509Certificate> trustedCerts =
           CertificateFactory.getInstance("X.509")
diff --git a/core/src/main/java/google/registry/keyring/KeyringModule.java b/core/src/main/java/google/registry/keyring/KeyringModule.java
index bd400f922a1..ca7d289945f 100644
--- a/core/src/main/java/google/registry/keyring/KeyringModule.java
+++ b/core/src/main/java/google/registry/keyring/KeyringModule.java
@@ -22,6 +22,7 @@
 import google.registry.keyring.api.Keyring;
 import google.registry.keyring.secretmanager.SecretManagerKeyring;
 import jakarta.inject.Singleton;
+import java.util.Optional;
 
 /** Dagger module for {@link Keyring} */
 @Module
@@ -55,7 +56,7 @@ public static String provideCloudSqlDbInstance(
 
   @Provides
   @Config("valkeyCertificateAuthority")
-  public static String provideValkeyCertificateAuthority(Keyring keyring) {
-    return keyring.getValkeyCertificateAuthority();
+  public static Optional<String> provideValkeyCertificateAuthority(Keyring keyring) {
+    return Optional.ofNullable(keyring.getValkeyCertificateAuthority());
   }
 }