Updated on 2023-11-21 GMT+08:00

Configuring an SSL Connection

Scenarios

Secure Sockets Layer (SSL) is an encryption-based Internet security protocol for establishing an encrypted link between a server and a client. It provides privacy, authentication, and integrity to Internet communications.

  • Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
  • Encrypts data to prevent it from being intercepted during transfer.
  • Ensures data integrity during transmission.

After SSL is enabled, you can establish an encrypted connection between your client and the instance you want to access to improve data security.

Precautions

  • To use SSL, contact customer service to apply for the required permissions.
  • Enabling or disabling SSL will cause instances to restart. Exercise caution when performing this operation.
  • If SSL is enabled, you can connect to a database using SSL to improve security.

    Encryption algorithms that may have security risks are not allowed. Secure encryption algorithms and supported cipher suites are described in Table 1.

    Table 1 Secure encryption algorithms and supported cipher suites

    Version   TLS Version   Cipher Suite
    4.0       TLS 1.2       DHE-RSA-AES256-GCM-SHA384
                            DHE-RSA-AES128-GCM-SHA256

    The server where the client is located must support the corresponding TLS version and cipher suite. Otherwise, the connection fails.

  • If SSL is disabled, you can connect to a database using an unencrypted connection.
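The client-side requirement in the precautions above can be checked before a connection attempt. The following Python sketch is an added example, not part of the original page or the vendor's tooling: it pins a client context to TLS 1.2 and the two Table 1 cipher suites and reports which of them the local OpenSSL build offers. The host, port, and CA file path passed to probe() are assumptions supplied by the reader.

```python
import socket
import ssl

# Values from Table 1 on this page (instance version 4.0, TLS 1.2).
REQUIRED_SUITES = ("DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256")


def build_context(ca_file=None):
    """Client context pinned to TLS 1.2 and the Table 1 suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # cert + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError if the local OpenSSL build offers none of them.
    ctx.set_ciphers(":".join(REQUIRED_SUITES))
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # the downloaded certificate
    return ctx


def offered_suites(ctx):
    """Table 1 suites this client would actually offer to the server."""
    names = {c["name"] for c in ctx.get_ciphers()}
    return [s for s in REQUIRED_SUITES if s in names]


def preflight(ca_file=None):
    """Return (ok, offered, missing) without opening a network connection."""
    try:
        ctx = build_context(ca_file)
    except ssl.SSLError:
        return False, [], list(REQUIRED_SUITES)
    offered = offered_suites(ctx)
    missing = [s for s in REQUIRED_SUITES if s not in offered]
    return bool(offered), offered, missing


def probe(host, port, ca_file):
    """Handshake only; returns (tls_version, cipher_name) the server chose."""
    ctx = build_context(ca_file)
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    ok, offered, missing = preflight()
    print("Table 1 suites offered by this client:", offered or "none")
    print("Not available in local OpenSSL:", missing or "none")
    print("TLS 1.2 handshake with a Table 1 suite possible:", ok)
```

If preflight() reports no offered suites, the handshake with the instance cannot succeed from this host regardless of the certificate; probe() raises ssl.SSLError in that case or when certificate verification fails.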

Enabling SSL

  1. Log in to the management console.
  2. In the service list, choose Databases > GeminiDB Mongo API.
  3. On the Instances page, click the instance. The Basic Information page is displayed.
  4. In the DB Information area, click to enable the SSL toggle.

    Alternatively, choose Connections in the navigation pane on the left. On the Basic Information page, click to enable the SSL toggle.

  5. In the displayed dialog box, click Yes.
  6. In the Basic Information area, view the results.
  7. After SSL is enabled, click the icon next to SSL to download an SSL certificate.

    For details about how to connect to an instance using an SSL connection, see SSL Connection.

Disabling SSL

  1. Log in to the management console.
  2. In the service list, choose Databases > GeminiDB Mongo API.
  3. On the Instance Management page, click the instance.
  4. In the DB Information area on the Basic Information page, click the icon next to the SSL field.

    Alternatively, in the navigation pane on the left, choose Connections. In the Basic Information area, click the icon next to the SSL field.

  5. In the displayed dialog box, click Yes.
  6. In the Basic Information area, view the results.
  7. After SSL is disabled, you can connect to an instance using an unencrypted connection.

    For details, see Non-SSL Connection.