All Products
Search
Document Center

ApsaraDB RDS:[New features/New specifications] Custom SSL certificates are supported for ApsaraDB RDS for MySQL

Last Updated:Jul 22, 2024

Starting July 2, 2024, ApsaraDB RDS for MySQL supports custom SSL certificates. This topic describes the introduction, prerequisites, release date, usage notes, and references of custom SSL certificates.

Introduction

The SSL encryption feature can be used to encrypt data that is transmitted between ApsaraDB RDS for MySQL instances and clients. This prevents data from being monitored, intercepted, or tampered with by third parties. When you configure SSL encryption for an ApsaraDB RDS for MySQL instance, you can use custom certificates as well as certificates that are managed by Alibaba Cloud. The following table compares the configuration items and purposes of the two types of certificates. For more information about custom SSL certificates, see Configure a custom certificate.

Configuration item

Cloud certificate

Custom certificate

Method to obtain

Issued by Alibaba Cloud.

Issued by a certification authority (CA) or from a self-signed certificate.

Validity period

365 days.

Customized.

Number of protected endpoints

1

1

Purpose

Used to enable SSL encryption and used by the client to authenticate the server.

Used to enable SSL encryption and used by the client to authenticate the server.

Prerequisites

  • OpenSSL is installed.

  • Your RDS instance runs one of the following MySQL versions and RDS editions:

    • MySQL 8.0 or MySQL 5.7 on RDS Cluster Edition

    • MySQL 8.0, MySQL 5.7, or MySQL 5.6 on RDS High-availability Edition

    • MySQL 8.0 or MySQL 5.7 on RDS Basic Edition

Note
  • If you use Linux, OpenSSL is preinstalled. You do not need to install OpenSSL again.

  • If you use Windows, you must obtain the OpenSSL package and install OpenSSL.

Release date

July 2, 2024

Usage notes

  • After SSL encryption is enabled, the CPU utilization and the read and write latencies increase.

  • After SSL encryption is enabled, you must close the existing connection and establish a new connection for SSL encryption to take effect.

  • When you configure a custom certificate, modify the content of the configured custom certificate, or disable SSL encryption, the RDS instance restarts. The restart process requires about 3 minutes. We recommend that you perform these operations during off-peak hours.

References