This topic describes how to enable SSL encryption for an ApsaraDB for MongoDB instance to enhance link security. After you enable SSL encryption, you must install the SSL certificates that are issued by certificate authorities (CAs) on your application. SSL encrypts connections at the transport layer, which increases data security and ensures data integrity.
Prerequisites
The instance is a replica set instance that runs MongoDB 3.4 or later.
Precautions
- You can download SSL certificates only from the ApsaraDB for MongoDB console.
- After you enable SSL encryption for an instance, the CPU utilization of the instance increases significantly. We recommend that you enable SSL encryption only when you need it, for example, when you connect to an ApsaraDB for MongoDB instance over the Internet.
  Note: In most cases, connections that use an internal endpoint are secure and do not require SSL encryption.
- After you enable SSL encryption for an instance, both SSL and non-SSL connections are supported.
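Because the instance keeps accepting non-SSL connections after SSL encryption is enabled, each client's connection string has to enforce encryption itself. The following added example (not part of the original documentation) audits a MongoDB connection URI for the standard `tls`/`ssl`, `tlsCAFile` and certificate-weakening options. The sample URIs, hosts, credentials and CA path are constructed placeholders, and the check assumes all TLS settings are carried in the URI.

```python
from urllib.parse import urlsplit, parse_qs

# Standard MongoDB connection-string options that switch off certificate checks.
WEAKENING_OPTIONS = ("tlsinsecure", "tlsallowinvalidcertificates",
                     "tlsallowinvalidhostnames")


def audit_mongodb_uri(uri):
    """Return a list of findings; an empty list means verified TLS is enforced.

    Assumes every TLS setting is carried in the URI, not in driver arguments.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        return ["not a MongoDB connection string"]
    # Option names are case-insensitive; the last occurrence of a repeat wins here.
    opts = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    # "ssl" is the legacy alias of "tls"; mongodb+srv URIs default to tls=true.
    default = "true" if parts.scheme == "mongodb+srv" else "false"
    tls = opts.get("tls", opts.get("ssl", default))
    findings = []
    if tls != "true":
        # The server accepts SSL and non-SSL clients alike, so nothing on the
        # instance side would reject this connection.
        findings.append("tls is not enabled: connection would be unencrypted")
        return findings
    if "tlscafile" not in opts:
        findings.append("tlsCAFile is not set: downloaded CA certificate unused")
    for name in WEAKENING_OPTIONS:
        if opts.get(name) == "true":
            findings.append(name + " weakens certificate validation")
    return findings


# Constructed sample URIs: hosts, credentials and the CA path are placeholders.
SAMPLES = {
    "plaintext": "mongodb://app:pw@node1.example.invalid:3717,node2.example.invalid:3717/admin?replicaSet=rs0",
    "unverified": "mongodb://app:pw@node1.example.invalid:3717/admin?replicaSet=rs0&tls=true&tlsAllowInvalidCertificates=true",
    "enforced": "mongodb://app:pw@node1.example.invalid:3717/admin?replicaSet=rs0&tls=true&tlsCAFile=/path/to/ca.pem",
}

if __name__ == "__main__":
    for label, uri in SAMPLES.items():
        print(label, audit_mongodb_uri(uri) or "OK")
```

A check like this can run in CI or at application start-up so that a configuration without verified TLS fails before it reaches the instance.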
Notes
When you enable or disable SSL encryption or update SSL certificates for an instance, the instance is restarted. Plan your operations in advance and make sure that your applications are configured to automatically re-establish a connection.
Note: When an instance is restarted, all its nodes are restarted in turn and each node goes through a transient disconnection of about 30 seconds. If the instance contains more than 10,000 collections, the transient disconnections last longer.
Procedure
Related API operations
Operation | Description |
---|---|
DescribeDBInstanceSSL | Queries the SSL settings of an ApsaraDB for MongoDB instance. |
ModifyDBInstanceSSL | Modifies the SSL settings of an ApsaraDB for MongoDB instance. |