SSL certificate - Database Autonomy Service - Alibaba Cloud Documentation Center

The SSL certificate feature of global security management in Database Autonomy Service (DAS) displays database instances and Secure Sockets Layer (SSL) information in a centralized manner. This topic describes how to use the SSL certificate feature in DAS.

Prerequisites

The database instance that you want to manage is connected to DAS.
The database instance is of one of the following types:
- ApsaraDB RDS for MySQL
- PolarDB for MySQL
If you use the SSL certificate feature as a RAM user, make sure that you have the AliyunHDMReadOnlyAccess or AliyunHDMFullAccess permission. For more information, see How do I use DAS as a RAM user?

Note

The global security management feature of DAS is in public preview. You can use the feature free of charge during public preview.
SSL certificates for proxy endpoints are not displayed.

Procedure

Log on to the DAS console.
In the left-side navigation pane, choose Security Center > Global Security Management.

On the Global Security Management page, click the SSL Certificate tab.

Note

SSL Enabled Instances: the number of instances for which SSL is enabled or partially enabled.
In the main table, click the instance ID to go to the Basic Information page in the instance console. Click Details to go to the SSL Management page of the instance.

Main table
SSL Certificate Status	The SSL status of the instance. Valid values: Enabled, Partially Enabled, and Disabled. Note The page displays only endpoints that support the SSL feature. For ApsaraDB RDS for MySQL instances, the SSL feature cannot be enabled by endpoint. You do not need to know the specific endpoint. The SSL information in the subtable is the same as the SSL information of the instance. Therefore, the value of the SSL Certificate Status field is Enabled or Disabled for ApsaraDB RDS for MySQL instances. For PolarDB for MySQL clusters, the SSL feature can be enabled by primary endpoint, cluster endpoint, or custom endpoint.
SSL Certificate Expiration Time	The earliest SSL certificate expiration time among all endpoints of the instance.

Click on the left of the instance that you want to manage to view the SSL details of the instance.

Subtable
Endpoint ID	For ApsaraDB RDS for MySQL instances, this field is empty. For PolarDB for MySQL clusters, this field is consistent with the EndpointId field on the Basic Information page in the ApsaraDB RDS for MySQL console.
Endpoint Type	For ApsaraDB RDS for MySQL instances, this field is empty. For PolarDB for MySQL clusters, the value of this field can be Primary Endpoint, Cluster Endpoint, or Custom Endpoint.
SSL-protected Endpoint	The instance endpoint for which the SSL encryption feature is enabled.
SSL Certificate Status	The SSL status of the instance endpoint. Valid values: Enabled and Disabled. Note If the value of this field is Disabled, the SSL-protected Endpoint, SSL Certificate Type, and SSL Certificate Expiration Time fields are empty.
SSL Certificate Type	The SSL certificate type of the instance endpoint. Valid values: Custom Certificate and Cloud Certificate. Note PolarDB for MySQL does not support custom certificates.
SSL Certificate Expiration Time	The SSL certificate expiration time of the instance endpoint. Note The SSL certificate expiration time is displayed based on the time zone of your browser.

FAQ

Why is the database instance that I purchased not displayed on the current page?

The database instance is displayed on the current page after it is created.
The source and engine of the database instance are not supported.