You can call the ModifyDBInstanceSSL operation to modify the SSL encryption settings of an ApsaraDB RDS instance.
This operation is used to configure SSL encryption for an instance. For more information, see ~~32474~~.
- Before you call this operation, make sure that your instance is one of the following instances:
  - ApsaraDB RDS for MySQL instances that do not run RDS Basic Edition
  - ApsaraDB RDS for SQL Server instances
  - ApsaraDB RDS for PostgreSQL instances that use standard SSDs or enhanced SSDs (ESSDs)
- SSL encryption is not supported for the connections to the read/write splitting endpoint of an instance.
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | ModifyDBInstanceSSL | The operation that you want to perform. Set the value to ModifyDBInstanceSSL. |
DBInstanceId | String | Yes | rm-uf6wjk5xxxxxxx | The ID of the instance. |
ConnectionString | String | Yes | rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com | The internal or public endpoint for which the server certificate needs to be created or updated. |
SSLEnabled | Integer | No | 1 | Specifies whether to enable or disable SSL encryption. Valid values: |
CAType | String | No | aliyun | The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. If you set the SSLEnabled parameter to 1, the default value of this parameter is aliyun. Valid values: |
ServerCert | String | No | -----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE----- | The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. If you set the CAType parameter to custom, you must also specify this parameter. |
ServerKey | String | No | -----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY----- | The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. If you set the CAType parameter to custom, you must also specify this parameter. |
ClientCAEnabled | Integer | No | 1 | Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. Valid values: |
ClientCACert | String | No | -----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE----- | The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. If you set the ClientCAEnabled parameter to 1, you must also specify this parameter. |
ClientCrlEnabled | Integer | No | 1 | Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: |
ClientCertRevocationList | String | No | -----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL----- | The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. If you set the ClientCrlEnabled parameter to 1, you must also specify this parameter. |
ACL | String | No | cert | The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: |
ReplicationACL | String | No | cert | The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with standard SSDs or ESSDs. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 777C4593-8053-427B-99E2-105593277CAB | The ID of the request. |
Examples
Sample requests
http(s)://rds.aliyuncs.com/?Action=ModifyDBInstanceSSL
&ConnectionString=rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com
&DBInstanceId=rm-uf6wjk5xxxxxxx
&<Common request parameters>
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<RequestId>777C4593-8053-427B-99E2-105593277CAB</RequestId>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "777C4593-8053-427B-99E2-105593277CAB"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidServerCertOrPrivateKey | Specify server certificate or private key is invalid. | The error message returned because the specified server certificate or private key is invalid. |
400 | InvalidClientCACert | Specify client ca certificate is invalid. | The error message returned because the value of the ClientCACert parameter is invalid. |
400 | InvalidClientCrl | Specify client certificate revocation list is invalid. | The error message returned because the specified CRL is invalid. |
400 | InvalidCAType.NotFound | Specify ca type is not found. | The error message returned because the specified type of the server certificate is invalid. |
400 | InvalidACL.NotFound | Specify acl is not found. | The error message returned because the value of the ACL parameter is invalid. |
400 | InvalidSSLStatus | Specify ssl status is invalid. | The error message returned because the value of the SSLEnabled parameter is invalid. |
403 | InvalidClientCrl.Permission | Client ca certificate is set first if need to set client certificate revocation list. | The error message returned because you are not authorized to perform this operation. You must configure a client CA certificate before you perform this operation. |
403 | InvalidACL.Permission | Client ca certificate is set first if need to set acl. | The error message returned because the client CA certificate is not specified. |
For a list of error codes, visit the Error Center.
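The parameter dependencies described in the request parameters table can be checked on the client before the call is made. The following is an added example, not Alibaba Cloud or SDK code: `validate_ssl_params()`, its `engine` argument, and the PostgreSQL endpoint in the sample are hypothetical, and the error code attached to each finding is the closest one from the error codes table, which is an assumption about what the service would return.

```python
# Added example; validate_ssl_params() is a hypothetical helper, not an SDK call.
PG_ONLY = ("CAType", "ServerCert", "ServerKey", "ClientCAEnabled", "ClientCACert",
           "ClientCrlEnabled", "ClientCertRevocationList", "ACL", "ReplicationACL")


def validate_ssl_params(params, engine):
    """Return [(closest_documented_error_code_or_None, message), ...]."""
    problems = []
    for name in ("DBInstanceId", "ConnectionString"):
        if not params.get(name):
            problems.append((None, f"{name} is required"))
    if engine != "PostgreSQL":
        # Storage type (standard SSD / ESSD) is not checked here.
        for name in PG_ONLY:
            if name in params:
                problems.append((None, f"{name} is supported only for PostgreSQL"))
    if params.get("CAType") == "custom" and not (
            params.get("ServerCert") and params.get("ServerKey")):
        problems.append(("InvalidServerCertOrPrivateKey",
                         "CAType=custom requires ServerCert and ServerKey"))
    # Assumption: the client CA is enabled in this same request, not an earlier one.
    ca_on = str(params.get("ClientCAEnabled")) == "1"
    crl_on = str(params.get("ClientCrlEnabled")) == "1"
    if ca_on and not params.get("ClientCACert"):
        problems.append(("InvalidClientCACert", "ClientCAEnabled=1 requires ClientCACert"))
    if crl_on and not ca_on:
        problems.append(("InvalidClientCrl.Permission", "CRL requires the client CA"))
    if crl_on and not params.get("ClientCertRevocationList"):
        problems.append(("InvalidClientCrl",
                         "ClientCrlEnabled=1 requires ClientCertRevocationList"))
    for name in ("ACL", "ReplicationACL"):
        if name in params and not ca_on:
            problems.append(("InvalidACL.Permission", f"{name} requires the client CA"))
    # Only ServerKey may carry private key material; a CA private key must never be sent.
    for name, value in params.items():
        if name != "ServerKey" and "PRIVATE KEY" in str(value):
            problems.append((None, f"{name} must not contain a private key"))
    return problems


# Constructed sample request: CRL and ACL set, but no client CA configured.
SAMPLE = {"DBInstanceId": "pgm-xxxxxxxx",
          "ConnectionString": "pgm-xxxxxxxx.pg.rds.aliyuncs.com",
          "SSLEnabled": 1, "ClientCrlEnabled": 1, "ACL": "cert"}

if __name__ == "__main__":
    for code, message in validate_ssl_params(SAMPLE, "PostgreSQL"):
        print(code, "-", message)
```

If the client CA was enabled by an earlier call, drop the `ca_on` dependency checks or pass the instance's current state in through `params`.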