The SSL certificate feature in Database Autonomy Service (DAS) gives you a centralized view of Secure Sockets Layer (SSL) status and certificate expiration times across your database instances. Instead of checking each instance console individually, use this page to identify instances with SSL disabled or certificates nearing expiration.
The global security management feature is in public preview and is free of charge during the preview period. SSL certificates for proxy endpoints are not displayed.
Prerequisites
Before you begin, make sure that:
The database instance is connected to DAS
The instance type is one of the following:
ApsaraDB RDS for MySQL
PolarDB for MySQL
If you are a RAM user, you have the AliyunHDMReadOnlyAccess or AliyunHDMFullAccess permission. For details, see How do I use DAS as a RAM user?
View SSL certificate status
Log on to the DAS console.
In the left-side navigation pane, choose Security Center > Global Security Management.
Click the SSL Certificate tab. The SSL Enabled Instances counter shows how many instances have SSL fully or partially enabled. The main table shows one row per instance:
Click an instance ID to open the Basic Information page in the instance console. Click Details to go to the SSL Management page for that instance.
Field Description SSL Certificate Status SSL status of the instance. Values: Enabled, Partially Enabled, or Disabled. See Understanding SSL Certificate Status values for behavior by database type. SSL Certificate Expiration Time The earliest certificate expiration time across all endpoints of the instance. 
To view per-endpoint SSL details, click
to the left of an instance. The subtable shows endpoint-level SSL information:Field Description Endpoint ID The endpoint identifier. Empty for ApsaraDB RDS for MySQL instances. For PolarDB for MySQL clusters, matches the EndpointId field on the Basic Information page. Endpoint Type The endpoint type. Empty for ApsaraDB RDS for MySQL instances. For PolarDB for MySQL clusters, the value is Primary Endpoint, Cluster Endpoint, or Custom Endpoint. SSL-protected Endpoint The endpoint address for which SSL encryption is enabled. SSL Certificate Status SSL status of the endpoint: Enabled or Disabled. If Disabled, the SSL-protected Endpoint, SSL Certificate Type, and SSL Certificate Expiration Time fields are blank. SSL Certificate Type The certificate type: Custom Certificate or Cloud Certificate. PolarDB for MySQL does not support custom certificates. SSL Certificate Expiration Time The certificate expiration time, displayed in your browser's time zone. 
Understanding SSL Certificate Status values
The page displays only endpoints that support SSL. How SSL Certificate Status behaves differs by database type:
| Database type | Possible status values | Notes |
|---|---|---|
| ApsaraDB RDS for MySQL | Enabled or Disabled | SSL applies to the entire instance, not individual endpoints. The SSL information in the subtable is the same as the SSL information of the instance. |
| PolarDB for MySQL | Enabled, Partially Enabled, or Disabled | SSL can be enabled per endpoint (primary, cluster, or custom). Partially Enabled means SSL is on for some endpoints but not all. |
FAQ
Why is my database instance not showing on this page?
An instance appears on this page only after it finishes creating. If the instance is already running but still missing, its source or engine type is not supported. Only ApsaraDB RDS for MySQL and PolarDB for MySQL instances are displayed.