Starting July 2, 2024, ApsaraDB RDS for MySQL supports custom SSL certificates. This topic introduces custom SSL certificates and describes their prerequisites, release date, usage notes, and references.
Introduction
The SSL encryption feature can be used to encrypt data that is transmitted between ApsaraDB RDS for MySQL instances and clients. This prevents data from being monitored, intercepted, or tampered with by third parties. When you configure SSL encryption for an ApsaraDB RDS for MySQL instance, you can use custom certificates as well as certificates that are managed by Alibaba Cloud. The following table compares the configuration items and purposes of the two types of certificates. For more information about custom SSL certificates, see Configure a custom certificate.
Configuration item | Certificate managed by Alibaba Cloud | Custom certificate |
Method to obtain | Issued by Alibaba Cloud. | Issued by a certification authority (CA) or from a self-signed certificate. |
Validity period | 365 days. | Customized. |
Number of protected endpoints | 1 | 1 |
Purpose | Used to enable SSL encryption and used by the client to authenticate the server. | Used to enable SSL encryption and used by the client to authenticate the server. |
Prerequisites
Your RDS instance runs one of the following MySQL versions and RDS editions:
MySQL 8.0 or MySQL 5.7 on RDS Cluster Edition
MySQL 8.0, MySQL 5.7, or MySQL 5.6 on RDS High-availability Edition
MySQL 8.0 or MySQL 5.7 on RDS Basic Edition
OpenSSL is installed.
If you use Linux, OpenSSL is preinstalled. You do not need to install OpenSSL again.
If you use Windows, you must obtain the OpenSSL package and install OpenSSL.
Release date
July 2, 2024
Usage notes
After SSL encryption is enabled, the CPU utilization and the read and write latencies increase.
After SSL encryption is enabled, you must close the existing connection and establish a new connection for SSL encryption to take effect.
When you configure a custom certificate, modify the content of the configured custom certificate, or disable SSL encryption, the RDS instance restarts. The restart process requires about 3 minutes. We recommend that you perform these operations during off-peak hours.
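Because configuring or modifying a custom certificate restarts the RDS instance, it is worth validating the certificate files locally with OpenSSL before uploading them. The following is an added example, not part of the original documentation: it builds a constructed test CA and a server certificate for a single endpoint with a chosen validity period, then checks the chain, endpoint name, remaining validity, and key match. The file names and the endpoint value passed in are assumptions; the files the RDS console actually expects are described in Configure a custom certificate.

```shell
#!/bin/sh
# Added example: constructed test CA plus a server certificate for one endpoint.
# File names and the endpoint value are assumptions, not taken from the page.

make_custom_cert() {  # usage: make_custom_cert DIR ENDPOINT DAYS
  dir=$1; endpoint=$2; days=$3
  mkdir -p "$dir" || return 1
  # Minimal config so the result does not depend on the system openssl.cnf
  # and the CA certificate carries basicConstraints CA:TRUE.
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -config "$dir/req.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
    -subj "/CN=$endpoint" -keyout "$dir/server.key" \
    -out "$dir/server.csr" 2>/dev/null || return 1
  # The single protected endpoint goes into subjectAltName.
  printf 'subjectAltName = DNS:%s\n' "$endpoint" > "$dir/san.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days "$days" -extfile "$dir/san.ext" \
    -out "$dir/server.crt" 2>/dev/null
}

check_custom_cert() {  # usage: check_custom_cert DIR ENDPOINT MIN_DAYS_LEFT
  dir=$1; endpoint=$2; min_days=$3
  # 1. Chain builds to the CA and the certificate names this endpoint.
  openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$endpoint" \
    "$dir/server.crt" >/dev/null 2>&1 || { echo "chain/hostname"; return 1; }
  # 2. Certificate stays valid for at least MIN_DAYS_LEFT more days.
  openssl x509 -in "$dir/server.crt" -noout -checkend $((min_days * 86400)) \
    >/dev/null || { echo "expiry"; return 1; }
  # 3. Private key belongs to the certificate (public keys are identical).
  [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/server.key" -pubout)" ] || { echo "key"; return 1; }
  echo "ok"
}
```

For a certificate issued by a real CA, skip `make_custom_cert` and point `check_custom_cert` at a directory holding the issued `server.crt`, its `server.key`, and the CA certificate as `ca.crt`.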