Query SSL encryption settings - API Reference| Alibaba Cloud Documentation Center

Note This operation is supported only when the instance runs MySQL 5.6, MySQL 5.7 on RDS High-availability Edition with local SSDs, MySQL 8.0 on RDS High-availability Edition with local SSDs, SQL Server, or PostgreSQL with standard or enhanced SSDs.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	DescribeDBInstanceSSL	The operation that you want to perform. Set the value to DescribeDBInstanceSSL.
DBInstanceId	String	Yes	rm-uf6wjk5xxxxxxx	The ID of the instance.

Response parameters


Parameter	Type	Example	Description
ConnectionString	String	rm-uf6wjk5xxxxxx.mysql.rds.aliyuncs.com	The endpoint that is protected by SSL encryption.
SSLExpireTime	String	2022-05-08T08:14:16Z	The time when the server certificate expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.
RequireUpdate	String	Yes	Indicates whether the server certificate needs to be updated. Valid values for ApsaraDB RDS for MySQL and ApsaraDB RDS for SQL Server: No Yes Valid values for ApsaraDB RDS for PostgreSQL: 0: no 1: yes
ACL	String	cert	The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. Valid values: cert perfer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)
CAType	String	aliyun	The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. Valid values: aliyun: a cloud certificate custom: a custom certificate
ClientCACert	String	-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----	The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
ClientCACertExpireTime	String	-	The time when the public key of the CA that issues client certificates expires. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. This parameter is not supported now.
ClientCertRevocationList	String	-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----	The certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
LastModifyStatus	String	setting	The status of the SSL link. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. Valid values: success setting failed
ModifyStatusReason	String	Modify DB Instance SSL Config.	The reason why the SSL link stays in the current state. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
ReplicationACL	String	cert	The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. Valid values: cert perfer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)
RequestId	String	1AD222E9-E606-4A42-BF6D-8A4442913CEF	The ID of the request.
RequireUpdateItem	String	-	The server certificate that needs to be updated. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
RequireUpdateReason	String	-	The reason why the server certificate needs to be updated. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
SSLCreateTime	String	-	The time when the server certificate was created. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. In addition, this parameter is valid only when the CAType parameter is set to aliyun.
SSLEnabled	String	on	Indicates whether SSL encryption is enabled. Valid values: on: enabled off: disabled
ServerCAUrl	String	-	The URL of the CA that issues the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
ServerCert	String	-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----	The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.
ServerKey	String	-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----	The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=DescribeDBInstanceSSL
&DBInstanceId=rm-uf6wjk5xxxxxxx
&<Common request parameters>

Sample success responses

XML format

<ClientCertRevocationList>-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----</ClientCertRevocationList>
<RequestId>1AD222E9-E606-4A42-BF6D-8A4442913CEF</RequestId>
<RequireUpdateItem>-</RequireUpdateItem>
<CAType>aliyun</CAType>
<LastModifyStatus>setting</LastModifyStatus>
<ACL>cert</ACL>
<RequireUpdate>Yes</RequireUpdate>
<ModifyStatusReason>Modify DB Instance SSL Config.</ModifyStatusReason>
<ClientCACertExpireTime>-</ClientCACertExpireTime>
<ServerKey>-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----</ServerKey>
<SSLExpireTime>2022-05-08T08:14:16Z</SSLExpireTime>
<SSLCreateTime>-</SSLCreateTime>
<ServerCert>-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----</ServerCert>
<SSLEnabled>on</SSLEnabled>
<ClientCACert>-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----</ClientCACert>
<ReplicationACL>cert</ReplicationACL>
<RequireUpdateReason>-</RequireUpdateReason>
<ConnectionString>rm-uf6wjk5xxxxxx.mysql.rds.aliyuncs.com</ConnectionString>
<ServerCAUrl>-</ServerCAUrl>

JSON format

{
    "ClientCertRevocationList": "-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----",
    "RequestId": "1AD222E9-E606-4A42-BF6D-8A4442913CEF",
    "RequireUpdateItem": "-",
    "CAType": "aliyun",
    "LastModifyStatus": "setting",
    "ACL": "cert",
    "RequireUpdate": "Yes",
    "ModifyStatusReason": "Modify DB Instance SSL Config.",
    "ClientCACertExpireTime": "-",
    "ServerKey": "-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----",
    "SSLExpireTime": "2022-05-08T08:14:16Z",
    "SSLCreateTime": "-",
    "ServerCert": "-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----",
    "SSLEnabled": "on",
    "ClientCACert": "-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----",
    "ReplicationACL": "cert",
    "RequireUpdateReason": "-",
    "ConnectionString": "rm-uf6wjk5xxxxxx.mysql.rds.aliyuncs.com",
    "ServerCAUrl": "-"
}

Error codes


HTTP status code	Error code	Error message	Description
403	OperationDenied.DBInstanceType	The operation is not permitted due to type of the instance.	The error message returned because the operation is not supported by the role of the instance. Check whether the instance is a read-only instance. A read-only instance cannot be cloned.
404	InvalidDBInstanceId.NotFound	The specified instance is not found.	The error message returned because the instance cannot be found. Verify that the instance is created within your Alibaba Cloud account and is not deleted.
400	InvaildEngineInRegion.ValueNotSupported	The engine is not supported in the region.	The error message returned because the database engine that is run on the instance is not supported in the specified region.
403	IncorrectDBInstanceLockMode	Current DB instance lock mode does not support this operation.	The error message returned because the operation is not supported by the lock mode of the instance.

For a list of error codes, visit the API Error Center.