ApsaraDB RDS: DescribeDBInstanceSSL

Last Updated: May 16, 2023

Queries the SSL encryption settings of an instance.

Operation Description

Before you call this operation, make sure that your instance is one of the following instances:

  • ApsaraDB RDS for MySQL instances that do not run RDS Basic Edition
  • ApsaraDB RDS for SQL Server instances
  • ApsaraDB RDS for PostgreSQL instances that use cloud disks

Authorization information

The following table shows the authorization information for this API operation. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. The columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation.

Operation | Access level | Resource type | Condition key | Associated operation
rds:DescribeDBInstanceSSL | READ | RDS: acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId} | rds:ResourceTag | none

Request parameters

Parameter | Type | Required | Description | Example
DBInstanceId | string | Yes | The ID of the instance. | rm-bp162dfr55g47****

Response parameters

The response is an object that contains the following parameters. Each entry lists the parameter and its type, followed by the description and an example value.

ServerCert (string)

The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----

ClientCACertExpireTime (string)

The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. This parameter is not supported now.

Example: -

RequireUpdateItem (string)

The server certificate that needs to be updated. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -

ServerCAUrl (string)

The URL of the certificate that is used to issue the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -

RequireUpdate (string)

Indicates whether the server certificate needs to be updated.

  • Valid values for ApsaraDB RDS for MySQL instances and ApsaraDB RDS for SQL Server instances:
    • No
    • Yes
  • Valid values for ApsaraDB RDS for PostgreSQL instances:
    • 0: no
    • 1: yes

Example: Yes

ClientCertRevocationList (string)

The certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----

SSLExpireTime (string)

The time when the server certificate expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.

Example: 2022-10-11T08:16:43Z

CAType (string)

The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • aliyun: a cloud certificate
  • custom: a custom certificate

Example: aliyun

SSLCreateTime (string)

The time when the server certificate was created. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is valid only when CAType is set to aliyun.

Example: -

ReplicationACL (string)

The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)

Example: cert

ACL (string)

The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • cert
  • perfer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)

Example: cert

RequestId (string)

The ID of the request.

Example: 7705151C-E242-55AF-9929-2A3C39D979D2

LastModifyStatus (string)

The status of the SSL link. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • success
  • setting
  • failed

Example: setting

SSLEnabled (string)

Indicates whether SSL encryption is enabled.

  • Valid values for ApsaraDB RDS for MySQL instances and ApsaraDB RDS for SQL Server instances:
    • Yes
    • No
  • Valid values for ApsaraDB RDS for PostgreSQL instances:
    • on: enabled
    • off: disabled

Example: Yes

ConnectionString (string)

The endpoint that is protected by SSL encryption.

Example: rm-bp162dfr55g47****.mysql.rds.aliyuncs.com

RequireUpdateReason (string)

The reason why the server certificate needs to be updated. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -

ClientCACert (string)

The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----

ServerKey (string)

The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: -----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----

ModifyStatusReason (string)

The reason why the SSL link stays in the current state. This parameter is supported only when the instance runs PostgreSQL with cloud disks.

Example: Modify DB Instance SSL Config.

Examples

Sample success responses

JSON format

{
  "ServerCert": "-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----",
  "ClientCACertExpireTime": "-",
  "RequireUpdateItem": "-",
  "ServerCAUrl": "-",
  "RequireUpdate": "Yes",
  "ClientCertRevocationList": "-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----",
  "SSLExpireTime": "2022-10-11T08:16:43Z",
  "CAType": "aliyun",
  "SSLCreateTime": "-",
  "ReplicationACL": "cert",
  "ACL": "cert",
  "RequestId": "7705151C-E242-55AF-9929-2A3C39D979D2",
  "LastModifyStatus": "setting",
  "SSLEnabled": "Yes",
  "ConnectionString": "rm-bp162dfr55g47****.mysql.rds.aliyuncs.com",
  "RequireUpdateReason": "-",
  "ClientCACert": "-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----",
  "ServerKey": "-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----",
  "ModifyStatusReason": "Modify DB Instance SSL Config."
}
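
The following added example (not part of the original page and not Alibaba Cloud SDK code) shows one way to evaluate a DescribeDBInstanceSSL response: it normalizes the engine-specific values of SSLEnabled and RequireUpdate, checks SSLExpireTime and LastModifyStatus, and redacts ServerKey before the response is logged. The function names, the finding codes, and the 30-day warning threshold are assumptions.

```python
from datetime import datetime, timezone

# MySQL/SQL Server report Yes/No; PostgreSQL reports on/off and 1/0.
TRUE_VALUES = {"yes", "on", "1"}
SECRET_FIELDS = ("ServerKey",)   # private key of the server certificate
EMPTY = ("", "-")                # "-" is the placeholder used in the sample response

# Subset of the sample response on this page (key material is masked there).
SAMPLE = {
    "RequireUpdate": "Yes", "SSLExpireTime": "2022-10-11T08:16:43Z",
    "LastModifyStatus": "setting", "SSLEnabled": "Yes", "ACL": "cert",
    "ServerKey": "-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----",
}

def flag(resp, name):
    """Normalize the engine-specific boolean encodings to a Python bool."""
    return str(resp.get(name, "")).strip().lower() in TRUE_VALUES

def redact(resp):
    """Return a copy that is safe to log: secret fields are replaced."""
    return {k: ("<redacted>" if k in SECRET_FIELDS and v not in EMPTY else v)
            for k, v in resp.items()}

def assess(resp, now, warn_days=30):
    """Return a list of finding codes (hypothetical names) for one response."""
    if not flag(resp, "SSLEnabled"):
        return ["ssl_disabled"]
    findings = []
    if flag(resp, "RequireUpdate"):
        findings.append("cert_update_required")
    expires = resp.get("SSLExpireTime", "-")
    if expires not in EMPTY:
        # The page documents the format as yyyy-MM-ddTHH:mm:ssZ in UTC.
        when = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        days_left = (when - now).days
        if days_left < 0:
            findings.append("cert_expired")
        elif days_left <= warn_days:
            findings.append("cert_expiring_soon")
    status = resp.get("LastModifyStatus", "-")
    if status in ("setting", "failed"):
        findings.append("ssl_change_" + status)
    return findings

if __name__ == "__main__":
    now = datetime(2022, 10, 1, tzinfo=timezone.utc)  # constructed "current time"
    print(assess(SAMPLE, now))
    print(redact(SAMPLE))
```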

Error codes

HTTP status code | Error code | Error message | Description
400 | InvaildEngineInRegion.ValueNotSupported | The engine is not supported in the region. | The database engine version is invalid.
400 | InvalideStatus.Format | Specified Status is not valid. | -
403 | OperationDenied.DBInstanceType | The operation is not permitted due to type of the instance. | The current instance type does not support this operation.
403 | InstanceEngineType.NotSupport | The instance engine and type does not support operations | The operation failed. The operation is not supported for the database engine that is run on the RDS instance.
403 | IncorrectEngineVersion | Current engine version does not support operations. | The operation failed. The operation is not supported for the version of the database engine that is run on the RDS instance.
403 | IncorrectDBInstanceState | Current DB instance state does not support this operation. | -
403 | IncorrectDBInstanceType | Current DB instance type does not support this operation. | The operation failed. The RDS instance is not in a ready state.
403 | IncorrectDBInstanceLockMode | Current DB instance lock mode does not support this operation. | The operation failed. The RDS instance is locked.
403 | ConnectionStringLengthExceeded | Connection String is too long. | The endpoint is exceedingly long. Modify the endpoint and try again.
404 | InvalidDBInstanceId.NotFound | The specified instance is not found. | The RDS instance cannot be found. Check whether the RDS instance is created within the logged-on account.
404 | EnabledSSLNotSupport | Specified region does not support enable ssl. | SSL encryption is not supported in the region.
404 | InvalidConnectionString.NotFound | Specified connection string or net type is not found. | The endpoint cannot be found. Check the endpoint.

For a list of error codes, see the Service error codes page.

Change history

Change time | Summary of changes | Operation
2022-06-23 | API Description Update, The error codes of the API operation change. |

Change item | Change content
API Description | API Description Update
Error Codes | The error codes of the API operation change.
    delete Error Codes: 400
    delete Error Codes: 403
    delete Error Codes: 404