This topic describes how to enhance link security by enabling Secure Sockets Layer (SSL) encryption and installing SSL CA certificates on your application services. The SSL encryption feature encrypts network connections at the transport layer to improve data security and ensure data integrity during communication. This topic describes operations related to SSL encryption.
Prerequisites
- The instance is a replica set instance.
- The database version of the instance is 3.4, 4.0, or 4.2.
Notes
When you enable or disable SSL encryption or update SSL CA certificates for an instance, the instance is restarted. Plan your operations in advance and make sure that your applications can automatically re-establish a connection.
Precautions
- You can download SSL CA certificate files only from the ApsaraDB for MongoDB console.
- After you enable SSL encryption for an instance, the CPU utilization of the instance
is significantly increased. We recommend that you enable SSL encryption only when
necessary. For example, you can enable SSL encryption when you connect to an ApsaraDB
for MongoDB instance over the Internet.
Note Internal network connections are more secure than Internet connections and do not need SSL encryption.
- After you enable SSL encryption for an instance, both SSL and non-SSL connections are supported.