Updated on 2024-10-08 GMT+08:00

Configuring a CCM Private Certificate

Scenarios

GeminiDB Influx allows you to use the certificate issued by Cloud Certificate Management Service (CCM) to connect to your DB instance. You can select a CCM certificate when you create an instance or update its certificate after the instance is created.

This section describes how to apply for a CCM private certificate to a DB instance in either of the following ways:

  1. Select a certificate when you create an instance.
  2. Update the certificate after the instance is created.

Precautions

The instance status is Available.

Prerequisites

You have created a CCM private certificate. If there are no CCM private certificates, you can apply for a private certificate by referring to Applying for a Private Certificate in the Cloud Certificate Manager User Guide.

  • When you apply for a private certificate, specify the IP address of the instance that you want to access for Configure Certificate AltName. If this parameter is not specified, the database connection will fail.
    • If you choose to enable SSL when you create an instance, you can only add an EIP in the Configure Certificate AltName area. This is because the instance has not been created, the system has not generated a private IP address for it.
    • When you update the certificate after an instance is created, you can add private IP addresses or EIPs of all the instance nodes at the Configure Certificate AltName area.
      Figure 1 Creating a CCM private certificate
  • For details about how to set other parameters, see Applying for a Private Certificate in the Cloud Certificate Manager User Guide.

Scenario 1: Configuring a Private Certificate When Creating an Instance

  1. Log in to the GeminiDB console.
  2. In the service list, choose Databases > GeminiDB Influx API.
  3. On the Instances page, click Buy DB Instance.
  4. On the displayed page, specify required parameters and click Next.

    • Enable SSL and select an existing CCM private certificate. If there are no certificates available, apply for a certificate by referring to Prerequisites.
      Figure 2 Selecting a certificate

    • Configure other parameters by following Buying a Cluster Instance.

  5. After the instance is created, click its name to go to the Basic Information page. In the DB Information area, check whether the certificate status is Available.

    Figure 3 Viewing the certificate status

  6. Download the certificate.

    Click Download in the Certificate field. On the displayed page, click the Nginx tab and click Download Certificate.
    Figure 4 Downloading the certificate

Scenario 2: Updating a Certificate After an Instance Is Created

  1. Log in to the GeminiDB console.
  2. In the service list, choose Databases > GeminiDB Influx API.
  3. On the Instances page, locate the instance whose certificate you want to update.
  4. In the DB Information area, click Update Certificate in the SSL field.

    Figure 5 Updating the certificate

  5. In the Update Certificate dialog box, select the required certificate and click OK.

    Figure 6 Selecting a certificate

    • The new certificate takes effect only after the instance is restarted. Perform this operation during off-peak hours to minimize impacts on your services.
    • The certificate cannot be changed to the default SSL certificate.

  6. After the certificate is updated, check whether the certificate status is Available on the Basic Information page.

    Figure 7 Viewing the certificate status

  7. Download the certificate.

    Click Download in the Certificate field. On the displayed page, click the Nginx tab and click Download Certificate.
    Figure 8 Downloading the certificate