You can call the ModifyDBInstanceSSL operation to modify the SSL encryption settings of an ApsaraDB RDS instance.

This operation is used to configure SSL encryption for an instance. For more information, see Configure SSL encryption.

Note
  • This operation is supported only when the instance runs MySQL 5.6, MySQL 5.7 on RDS High-availability Edition with local SSDs, MySQL 8.0 on RDS High-availability Edition with local SSDs, SQL Server, or PostgreSQL with standard or enhanced SSDs.
  • SSL encryption is not supported for connections to the read/write splitting endpoint of an instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ModifyDBInstanceSSL

The operation that you want to perform. Set the value to ModifyDBInstanceSSL.

ConnectionString String Yes rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com

The internal or public endpoint for which the server certificate needs to be created or updated.

DBInstanceId String Yes rm-uf6wjk5xxxxxxx

The ID of the instance.

SSLEnabled Integer No 1

Specifies whether to enable or disable SSL encryption. Valid values:

  • 1: enables SSL encryption
  • 0: disables SSL encryption
CAType String No aliyun

The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. If you set the SSLEnabled parameter to 1, the default value of this parameter is aliyun.

Value range:
  • aliyun: a cloud certificate
  • custom: a custom certificate
ServerCert String No -----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----

The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. If you set the CAType parameter to custom, you must also specify this parameter.

ServerKey String No -----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----

The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. If you set the CAType parameter to custom, you must also specify this parameter.

ClientCAEnabled Integer No 1

Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. Valid values:

  • 1: enables the public key
  • 0: disables the public key
ClientCACert String No -----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----

The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. If you set the ClientCAEbabled parameter to 1, you must also specify this parameter.

ClientCrlEnabled Integer No 1

Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • 1: enables the CRL
  • 0: disables the CRL
ClientCertRevocationList String No -----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----

The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. If you set the ClientCrlEnabled parameter to 1, you must also specify this parameter.

ACL String No cert

The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)
ReplicationACL String No cert

The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with standard or enhanced SSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)

Response parameters

Parameter Type Example Description
RequestId String 777C4593-8053-427B-99E2-105593277CAB

The ID of the request.

Examples

Sample requests

http(s)://rds.aliyuncs.com/?Action=ModifyDBInstanceSSL
&ConnectionString=rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com
&DBInstanceId=rm-uf6wjk5xxxxxxx
&<Common request parameters>

Sample success responses

XML format

<RequestId>777C4593-8053-427B-99E2-105593277CAB</RequestId>

JSON format

{
    "RequestId": "777C4593-8053-427B-99E2-105593277CAB"
}

Error codes

For a list of error codes, visit the API Error Center.