This topic describes how to configure Secure Sockets Layer (SSL) encryption for a dedicated proxy endpoint on an ApsaraDB RDS for MySQL instance. The dedicated proxy service of ApsaraDB RDS provides advanced features, such as read/write splitting, connection pool, and transaction splitting. You can enable SSL encryption for a dedicated proxy endpoint. This ensures the security of data in transit.

Prerequisites

  • Your RDS instance runs one of the following MySQL versions and RDS editions:
    • MySQL 8.0 on RDS High-availability Edition with local SSDs (The minor engine version is 20200831 or later.)
    • MySQL 5.7 on RDS High-availability Edition with local SSDs (The minor engine version is 20200831 or later.)
    • MySQL 5.6 on RDS High-availability Edition with local SSDs (The minor engine version is 20200831 or later.)
    Note If your RDS instance is attached with read-only RDS instances, the read-only RDS instances must meet the requirements that are described in Update the minor engine version of an ApsaraDB RDS for MySQL instance.
  • The dedicated proxy version of your RDS instance is 1.12.8 or later. For more information, see Upgrade the dedicated proxy version of an ApsaraDB RDS for MySQL instance.
  • The total length of the dedicated proxy endpoint does not exceed 64 characters.
  • You are logged on to the new ApsaraDB RDS console. You can configure SSL encryption for the dedicated proxy endpoint only by using the new ApsaraDB RDS console. To switch to the new ApsaraDB RDS console from the original ApsaraDB RDS console, you can click Try New Version in the lower-right corner of the page.Try New Version

Precautions

  • SSL encryption can be configured for only one dedicated proxy endpoint per RDS instance.
  • If you enable or disable SSL encryption, change the SSL encryption-protected dedicated proxy endpoint, or update the validity period of the SSL certificate, your RDS instance restarts. Proceed with caution.

Enable SSL encryption

Notice This operation causes a restart of your RDS instance. Proceed with caution.
  1. Go to the Database Proxy page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Proxy.
  2. Click the SSL tab.
  3. Turn on the switch next to Disabled. In the dialog box that appears, select the dedicated proxy endpoint that you want to protect, and click OK.
    Enable SSL encryption

Change the SSL encryption-protected dedicated proxy endpoint

Notice This operation causes an update to the validity period of the SSL certificate. This operation also causes a restart of your RDS instance. Proceed with caution.
  1. Go to the Database Proxy page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Proxy.
  2. Click the SSL tab.
  3. Click Configure SSL. In the dialog box that appears, select a new dedicated proxy endpoint and click OK.
    Change the SSL encryption-protected dedicated proxy endpoint

Update the validity period of the SSL certificate

Notice This operation causes a restart of your RDS instance. Proceed with caution.
  1. Go to the Database Proxy page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Proxy.
  2. Click the SSL tab.
  3. Click Update Expiration Time. In the message that appears, click OK.
    Update Expiration Time

Disable SSL encryption

Notice This operation causes a restart of your RDS instance. Proceed with caution.
  1. Go to the Database Proxy page.
    1. Log on to the ApsaraDB for RDS console. In the left-side navigation pane, click Instances. In the top navigation bar, select the region where your RDS instance resides.
      选择地域
    2. Find your RDS instance and click its ID. In the left-side navigation pane, click Database Proxy.
  2. Click the SSL tab.
  3. Turn off the switch next to Enabled. In the message that appears, click OK.
    Disable SSL encryption

Related operations

API Description
ModifyDbProxyInstanceSsl Configures SSL encryption for a dedicated proxy endpoint on an ApsaraDB RDS instance.
GetDbProxyInstanceSsl Queries the SSL encryption settings of a dedicated proxy endpoint on an ApsaraDB RDS instance.