This topic describes how to configure Secure Sockets Layer (SSL) encryption for a proxy endpoint on an ApsaraDB RDS for MySQL instance. The dedicated proxy of your RDS instance provides advanced features, such as proxy terminal, connection pool, and transaction splitting. You can use SSL encryption to protect the data that is destined for a proxy endpoint.

Prerequisites

Precautions

  • SSL encryption can be configured for only one proxy endpoint per proxy terminal.
  • If you enable or disable SSL encryption, change the protected proxy endpoint, or update the validity period of the SSL certificate, your RDS instance restarts. Proceed with caution.

Enable SSL encryption

Notice This operation triggers a restart of your RDS instance. Proceed with caution.
  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Proxy.
  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.
  4. Find the proxy terminal to which the proxy endpoint that you want to protect belongs. Turn on the switch next to SSL Certificate Information. In the dialog box that appears, select the proxy endpoint that you want to protect, and click OK.

Change the protected proxy endpoint

Notice This operation triggers an update to the validity period of the SSL certificate. This operation also triggers a restart of your RDS instance. Proceed with caution.
  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Proxy.
  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.
  4. Find the proxy terminal to which the protected proxy endpoint belongs. Click Change Protected Endpoint to the right of Protected Endpoint. In the dialog box that appears, select a new proxy endpoint and click OK.

Update the validity period of the SSL certificate

Notice This operation triggers a restart of your RDS instance. Proceed with caution.
  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Proxy.
  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.
  4. Find the proxy terminal to which the protected proxy endpoint belongs. Click Update Expiration Time to the right of SSL Certificate Information. In the message that appears, click OK.

Disable SSL encryption

Notice This operation triggers a restart of your RDS instance. Proceed with caution.
  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Proxy.
  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.
  4. Find the proxy terminal to which the protected proxy endpoint belongs. Turn off the switch next to SSL Certificate Information. In the message that appears, click OK.

Related operations

Operation Description
ModifyDbProxyInstanceSsl Configures SSL encryption for a proxy endpoint of an RDS instance.
GetDbProxyInstanceSsl Queries the SSL encryption settings for a proxy endpoint of an RDS instance.