Configuring SSL for a DB Instance
Secure Socket Layer (SSL) is an encryption-based Internet security protocol for establishing secure links between a server and a client. It provides privacy, authentication, and integrity to Internet communications. SSL:
- Authenticates users and servers, ensuring that data is sent to the correct clients and servers.
- Encrypts data, preventing it from being intercepted during transmission.
- Ensures data integrity during transmission.
By default, SSL is enabled for new DB instances. Enabling SSL increases the network connection response time and CPU usage, and you are advised to evaluate the impact on service performance before enabling SSL.
You can use a client to connect to your DB instance through a non-SSL or SSL connection.
- If SSL is enabled for your DB instance, you can connect to your DB instance using SSL, which is more secure.
- If SSL is disabled, you can only connect to your DB instance using a non-SSL connection.
Constraints
Enabling or disabling SSL will reboot the instance immediately. During the reboot, the instance is unavailable. Rebooting an instance will clear the cached memory in it. You are advised to reboot it during off-peak hours.
Disabling SSL
- Log in to the management console.
- Click
in the upper left corner and select a region and project.
- Click
in the upper left corner of the page and choose Databases > TaurusDB.
- On the Instances page, click the instance name to go to the Basic Information page.
- In the Configuration area, click
under SSL.
- In the displayed dialog box, click OK.
Figure 1 Disabling SSL
- After a while, check the SSL status on the Basic Information page. It is disabled.
Downloading an SSL Certificate
- Log in to the management console.
- Click
in the upper left corner and select a region and project.
- Click
in the upper left corner of the page and choose Databases > TaurusDB.
- On the Instances page, click the instance name to go to the Basic Information page.
- In the Configuration area, click Download under SSL.
- Download Certificate Download.zip, and obtain the root certificate ca.pem and bundle ca-bundle.pem from the package.
Follow-up Operations
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot