This topic describes how to enhance link security by enabling Secure Sockets Layer (SSL) encryption and installing SSL CA certificates on your application services. The SSL encryption feature encrypts network connections at the transport layer to improve data security and ensure data integrity during communication.

Prerequisites

Usage notes

  • SSL encryption may increase the network latency of instances. We recommend that you enable this feature only when required. For example, you can enable SSL encryption if you connect to an ApsaraDB for Redis instance over the Internet.
  • After you enable SSL encryption for an instance, both SSL and non-SSL connections are supported.

Procedure

  1. Log on to the ApsaraDB for Redis console.
  2. In the top navigation bar of the page, select the region where the instance is deployed.
  3. On the Instances page, click the ID of the instance.
  4. Perform one of the following operations.
    Figure 1. Configure SSL encryption for an ApsaraDB for Redis instance

    Operation: Enable or disable SSL encryption
    Description: Turn SSL Certificate on or off.

    Operation: Modify the earliest TLS version supported by the instance
    Description: Click SSL next to Minimum TLS version, select a TLS version from the drop-down list, and then click Save. The default value is TLSv1.
    Note
      • If the Minimum TLS version drop-down list is unavailable, you must update your instance to the latest minor version. For more information, see Upgrade the minor version.
      • This operation is not supported if you use a Redis 2.8 instance of the standard architecture.

    Operation: Update the CA certificate
    Description: Click Update Validity in the upper-right corner of the page, and then click OK.
    Warning: If you update the validity period of a CA certificate, the instance is restarted. During the restart, the instance experiences transient disconnections that last a few seconds. We recommend that you update the certificate during off-peak hours and make sure that your application supports automatic reconnection.

    Operation: Download the CA certificate
    Description: In the upper-right corner of the page, click Download SSL Certificate.
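
Because the instance keeps accepting non-SSL connections and the default minimum version is TLSv1, the client is where certificate verification and a TLS floor are enforced. The following is an added example, not code from this documentation: it trusts only the downloaded CA certificate, refuses anything below TLS 1.2, and sends PING over the encrypted link. The host name, port 6379, the file name ca.pem, and the assumption that the server certificate matches the endpoint host name are placeholders and assumptions.

```python
import socket
import ssl


def build_tls_context(ca_file=None):
    """Client context: verify the server chain and refuse anything below TLS 1.2."""
    # ca_file is the CA certificate downloaded from the console. None falls
    # back to the system trust store (used here only so the context can be
    # built without the file).
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def resp_command(*args):
    """Encode a Redis command as a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        data = arg if isinstance(arg, bytes) else str(arg).encode()
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def ping_over_tls(host, port, ca_file, password=None, timeout=5.0):
    """Return (negotiated TLS version, first reply line); raise on any failure."""
    ctx = build_tls_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises ssl.SSLError if the chain, host name, or
        # protocol version does not satisfy the context.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if password is not None:
                tls.sendall(resp_command("AUTH", password))
                reply = tls.recv(4096)
                if not reply.startswith(b"+OK"):
                    raise PermissionError(reply.decode(errors="replace").strip())
            tls.sendall(resp_command("PING"))
            return tls.version(), tls.recv(4096).split(b"\r\n")[0].decode()


if __name__ == "__main__":
    # Placeholder endpoint and file name; substitute your instance's values.
    print(ping_over_tls("redis.example.internal", 6379, "ca.pem"))
```

A handshake error from this client against an instance whose minimum version is still TLSv1 usually points to the certificate or host name, not the protocol floor, since the client negotiates the highest version both sides support.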

FAQ

What can I do if the error message "version not supported" appears?

You must update your instance to the latest minor version. For more information, see Upgrade the minor version.

Related operations

Operation: ModifyInstanceSSL
Description: Configures SSL encryption for an ApsaraDB for Redis instance.