Set SSL encryption

Last Updated: Dec 06, 2017

To increase link security, you can enable SSL encryption and install SSL certificates on the necessary application services. SSL (Secure Sockets Layer) is used on the transport layer to encrypt network connections. It increases the security and integrity of communication data, but also increases the network connection time.

Due to the inherent drawbacks of SSL encryption, activating this function significantly increases your CPU usage. We recommand that you only enable SSL encryption for Internet connections requiring encryption. Intranet connection are relatively secure, and generally do not require link encryption.

In addition, SSL encryption cannot be disabled once it is enabled. Do this operation with caution.

Enable SSL encription

  1. Log on to the RDS Console and select the target instance.

  2. In the left-side navigation pane, select Security control to go to the Security control page.

  3. Select the SSL tab page.

  4. Click the button next to Disabled, as shown in the following figure.

  5. In the SSL Setting dialog box, select the link for which to activate SSL encryption and click OK to activate SSL encryption, as shown in the following figure.

    Note: Users can choose to encrypt both Internet and intranet links as needed, but only one link can be encrypted.

    Selecting Instances

  6. Click Download CA Certificate to download the SSL certificate, as shown in the following figure.

    Note: The downloaded SSL certificate is a package including the following two files:

    • p7b file: Used to import the CA certificate on Windows OS

    • PEM file: Used to import the CA certificate on other systems or for other applications

Configure SSL CA certificate

After activating SSL encryption, you must configure the SSL certificate when you connect RDS to an application or a client.

This section uses MySQL Workbench as an example to describe how to install the SSL certificate. For more information about how to install the SSL certificate on other applications or a client, see the corresponding product instructions.

  1. Start MySQL Workbench.

  2. Select Database > Manage Connections.

  3. Enable Use SSL and import the SSL certificate, as shown in the following figure.

    Import the SSL certificate

Thank you! We've received your feedback.