To increase link security, you can enable SSL encryption and install SSL certificates on the necessary application services. SSL (Secure Sockets Layer) is used on the transport layer to encrypt network connections. It increases the security and integrity of communication data, but also increases the network connection time.
Due to the inherent drawbacks of SSL encryption, activating this function will significantly increase your CPU usage. We recommend that you only enable SSL encryption for Internet connections requiring encryption. Intranet connections are relatively secure and generally do not require link encryption.
In addition, SSL encryption cannot be disabled once it is enabled. Proceed with caution.
Log on to the RDS Console and select the target instance.
In the left-side menu bar, select Security control to go to the Security control page.
Select the SSL tab page.
Click the button next to Disabled, as shown below.
In the SSL Setting dialog box, select the link for which to activate SSL encryption and click OK to activate SSL encryption, as shown below.
Note: You can choose either the Internet link or the intranet link for encryption as needed, but only one link can be encrypted.
Click Download CA Certificate to download the SSL certificate, as shown below.
Note: The downloaded SSL certificate is a package including the following two files:
p7b file: Used to import the CA certificate on Windows OS
PEM file: Used to import the CA certificate on other systems or for other applications
After activating SSL encryption, you need to configure the SSL certificate when you connect RDS to an application or a client.
This section uses MySQL Workbench as an example to describe how to install the SSL certificate. For details about how to install the SSL certificate on other applications or a client, refer to the corresponding product instructions.
Start MySQL Workbench.
Select Database > Manage Connections.
Enable Use SSL and import the SSL certificate, as shown in the figure below.
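For clients other than MySQL Workbench, the following added example (not part of the original documentation) checks that the p7b and PEM files in the downloaded package carry the same CA certificate, then connects with the `mysql` command-line client so that the server certificate is verified against that CA. File names, host and user are placeholders; it assumes `openssl` is installed and a MySQL 5.7.11 or later client, which provides `--ssl-mode`.

```bash
# Added example: function names, file names, host and user are hypothetical.

# Normalise PEM text on stdin to one sorted base64 line per certificate,
# so two files can be compared regardless of line endings or extra text.
cert_bodies() {
  tr -d '\r' | awk '
    /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { inside = 0; print body; next }
    inside                        { body = body $0 }' | sort
}

# Return 0 only if the p7b and the PEM hold the same certificate(s)
# and the CA certificate has not expired.
check_ca_package() {  # usage: check_ca_package CA.p7b CA.pem
  ca_p7b=$1
  ca_pem=$2
  # The p7b may be DER or PEM encoded, so try both encodings.
  certs_p7b=$( { openssl pkcs7 -inform DER -in "$ca_p7b" -print_certs 2>/dev/null ||
                 openssl pkcs7 -inform PEM -in "$ca_p7b" -print_certs 2>/dev/null; } |
               cert_bodies )
  certs_pem=$(cert_bodies < "$ca_pem")
  [ -n "$certs_pem" ] || { echo "no certificate found in $ca_pem" >&2; return 1; }
  [ "$certs_p7b" = "$certs_pem" ] ||
    { echo "p7b and PEM contain different certificates" >&2; return 1; }
  # -checkend 0 fails if the first certificate in the file has already expired.
  openssl x509 -in "$ca_pem" -noout -checkend 0 >/dev/null ||
    { echo "CA certificate has expired" >&2; return 1; }
}

# Connect with the server certificate verified against the downloaded CA,
# then show the negotiated cipher. An empty Ssl_cipher value means the
# session is NOT encrypted.
connect_verified() {  # usage: connect_verified HOST USER CA.pem
  mysql --host="$1" --user="$2" --password \
        --ssl-ca="$3" --ssl-mode=VERIFY_CA \
        --execute="SHOW SESSION STATUS LIKE 'Ssl_cipher'"
}
```

With `--ssl-mode=VERIFY_CA` the client refuses to connect if the server certificate does not chain to the given CA, rather than silently falling back to an unverified or unencrypted session.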