ApsaraDB RDS:ModifyDBInstanceSSL

Last Updated: Mar 13, 2024

Modifies the SSL encryption settings of an instance.

Operation description

Supported database engines

  • MySQL
  • PostgreSQL
  • SQL Server

References

Note: Before you call this operation, read the following documentation and make sure that you fully understand the prerequisites and impacts of this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

| Operation | Access level | Resource type | Condition key | Associated operation |
| --- | --- | --- | --- | --- |
| rds:ModifyDBInstanceSSL | WRITE | DBInstance: acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId} | rds:ResourceTag | none |

Request parameters

DBInstanceId (string, required)

The instance ID. You can call the DescribeDBInstances operation to query the instance ID.

Example: rm-uf6wjk5xxxxxxx

ConnectionString (string, required)

The internal or public endpoint for which the server certificate needs to be created or updated.

Example: rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com

SSLEnabled (integer, optional)

Specifies whether to enable or disable the SSL encryption feature. Valid values:

  • 1: enables the feature.
  • 0: disables the feature.

Example: 1

CAType (string, optional)

The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. If you set SSLEnabled to 1, the default value of this parameter is aliyun. Valid values:

  • aliyun: a cloud certificate
  • custom: a custom certificate

Example: aliyun

ServerCert (string, optional)

The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.

Example: -----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----

ServerKey (string, optional)

The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.

Example: -----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----

ClientCAEnabled (integer, optional)

Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • 1: enables the public key.
  • 0: disables the public key.

Example: 1

ClientCACert (string, optional)

The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCAEnabled is set to 1.

Example: -----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----

ClientCrlEnabled (integer, optional)

Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • 1: enables the CRL.
  • 0: disables the CRL.

Example: 1

ClientCertRevocationList (string, optional)

The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCrlEnabled is set to 1.

Example: -----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----

ACL (string, optional)

The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)

Example: cert

ReplicationACL (string, optional)

The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)

Example: cert

ForceEncryption (string, optional)

Specifies whether to enable the forceful SSL encryption feature. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. Valid values:

  • 1: enables the feature.
  • 0: disables the feature.

Example: 1

TlsVersion (string, optional)

The minimum Transport Layer Security (TLS) version. Valid values: 1.0, 1.1, and 1.2. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature.

Example: 1.1
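
The dependencies between these parameters can be checked on the client before the call is made. The following Python check is an added example, not Alibaba Cloud code: the function name `check_ssl_request`, the finding texts and the constructed `SAMPLE` request are assumptions of this example, and it treats each request as self-contained (a client CA enabled by an earlier call is not taken into account). Beyond the documented dependencies, it also flags SSLEnabled set to 0 and a TlsVersion below 1.2 as weak settings.

```python
# Added example. Parameter names and valid values are taken from the list
# above; check_ssl_request, the finding texts and SAMPLE are this example's own.
PG_ONLY = {"CAType", "ServerCert", "ServerKey", "ClientCAEnabled", "ClientCACert",
           "ClientCrlEnabled", "ClientCertRevocationList", "ACL", "ReplicationACL"}
MSSQL_ONLY = {"ForceEncryption", "TlsVersion"}


def check_ssl_request(params):
    """Return (parameter, problem) findings; an empty list means consistent."""
    findings = []

    def require(name, when):
        if not params.get(name):
            findings.append((name, "required " + when))

    def is_on(name):  # accepts 1 or "1"
        return str(params.get(name)) == "1"

    require("DBInstanceId", "always")
    require("ConnectionString", "always")
    if PG_ONLY.intersection(params) and MSSQL_ONLY.intersection(params):
        findings.append(("request", "mixes PostgreSQL-only and SQL Server-only parameters"))
    ca_type = params.get("CAType")
    if ca_type is not None and ca_type not in ("aliyun", "custom"):
        findings.append(("CAType", "must be aliyun or custom"))
    if ca_type == "custom":
        require("ServerCert", "when CAType is custom")
        require("ServerKey", "when CAType is custom")
    if is_on("ClientCAEnabled"):
        require("ClientCACert", "when ClientCAEnabled is 1")
    if is_on("ClientCrlEnabled"):
        require("ClientCertRevocationList", "when ClientCrlEnabled is 1")
    # CRL and ACL settings are available only with the client CA enabled.
    dependents = [n for n in ("ACL", "ReplicationACL") if params.get(n)]
    if is_on("ClientCrlEnabled"):
        dependents.append("ClientCrlEnabled")
    if not is_on("ClientCAEnabled"):
        findings += [(n, "needs ClientCAEnabled set to 1") for n in dependents]
    tls = params.get("TlsVersion")
    if tls is not None and tls not in ("1.0", "1.1", "1.2"):
        findings.append(("TlsVersion", "must be 1.0, 1.1 or 1.2"))
    elif tls in ("1.0", "1.1"):  # TLS 1.0 and 1.1 are deprecated by RFC 8996
        findings.append(("TlsVersion", "weak: minimum TLS version below 1.2"))
    if str(params.get("SSLEnabled")) == "0":
        findings.append(("SSLEnabled", "weak: disables SSL encryption"))
    return findings

# Constructed sample: custom server certificate without its key, CRL without client CA.
SAMPLE = {"DBInstanceId": "pgm-example", "ConnectionString": "pgm-example.pg.example",
          "SSLEnabled": 1, "CAType": "custom", "ServerCert": "<PEM>", "ClientCrlEnabled": 1}
print(check_ssl_request(SAMPLE))
```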

Response parameters

object

The response parameters.

RequestId (string)

The ID of the request.

Example: 777C4593-8053-427B-99E2-105593277CAB

Examples

Sample success responses

JSON format

{
  "RequestId": "777C4593-8053-427B-99E2-105593277CAB"
}

Error codes

| HTTP status code | Error code | Error message | Description |
| --- | --- | --- | --- |
| 400 | InvalidServerCertOrPrivateKey | Specify server certificate or private key is invalid. | The server certificate type or the private key is invalid. |
| 400 | InvalidClientCACert | Specify client ca certificate is invalid. | The client CA certificate is invalid. |
| 400 | InvalidClientCrl | Specify client certificate revocation list is invalid. | The client CRL is invalid. |
| 400 | InvalidCAType.NotFound | Specify ca type is not found. | The server certificate type is invalid. |
| 400 | InvalidACL.NotFound | Specify acl is not found. | The access control type is invalid. |
| 400 | InvalidSSLStatus | Specify ssl status is invalid. | The operation failed. The setting of SSL encryption is invalid. |
| 400 | IncorrectDBSslStatus | Specified DB SSLStatus does not support this operation. | The specified database SSL status is invalid. |
| 400 | InvalidModifyMode.Format | Specified modify mode is not valid. | - |
| 403 | InvalidClientCrl.Permission | Client ca certificate is set first if need to set client certificate revocation list. | The operation failed due to permission errors. Configure the client CA certificate and try again. |
| 403 | InvalidACL.Permission | Client ca certificate is set first if need to set acl. | The operation failed. Configure the client CA certificate and try again. |
| 404 | Endpoint.NotFound | Specified endpoint is not existed. | - |

For a list of error codes, visit the Service error codes.

Change history

2024-02-27: The error codes have changed. The request parameters of the API have changed.

  • Error codes: deleted 400, 403, 404
  • Input parameters: added Certificate, PassWord

2023-12-20: The error codes have changed. The request parameters of the API have changed.

  • Error codes: deleted 400, 403, 404
  • Input parameters: added ForceEncryption, TlsVersion

2023-09-08: The error codes have changed.

  • Error codes: deleted 400, 403; added 404

2022-06-23: The API description was updated. The error codes have changed.

  • API description: updated
  • Error codes: deleted 400, 403