ModifyDBInstanceSSL - ApsaraDB RDS - Alibaba Cloud Documentation Center

Modifies the SSL encryption settings of an instance.

Operation description

Supported database engines

MySQL
PostgreSQL
SQL Server

References

Note Before you call this operation, read the following documentation and make sure that you fully understand the prerequisites and impacts of this operation.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
rds:ModifyDBInstanceSSL	WRITE	DBInstance acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}	rds:ResourceTag	none

Request parameters

Parameter	Type	Required	Description	Example
DBInstanceId	string	Yes	The instance ID. You can call the DescribeDBInstances operation to query the instance ID.	rm-uf6wjk5xxxxxxx
ConnectionString	string	Yes	The internal or public endpoint for which the server certificate needs to be created or updated.	rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com
SSLEnabled	integer	No	Specifies whether to enable or disable the SSL encryption feature. Valid values: 1: enables the feature. 0: disables the feature.	1
CAType	string	No	The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. If you set SSLEnabled to 1, the default value of this parameter is aliyun. Valid values: aliyun: a cloud certificate custom: a custom certificate	aliyun
ServerCert	string	No	The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.	-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----
ServerKey	string	No	The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.	-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----
ClientCAEnabled	integer	No	Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values: 1: enables the public key. 0: disables the public key.	1
ClientCACert	string	No	The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCAEbabled is set to 1.	-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----
ClientCrlEnabled	integer	No	Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: 1: enables the CRL. 0: disables the CRL.	1
ClientCertRevocationList	string	No	The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCrlEnabled is set to 1.	-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----
ACL	string	No	The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: cert prefer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)	cert
ReplicationACL	string	No	The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values: cert prefer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)	cert
ForceEncryption	string	No	Specifies whether to enable the forceful SSL encryption feature. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. Valid values: 1: enables the feature. 0: disables the feature.	1
TlsVersion	string	No	The minimum Transport Layer Security (TLS) version. Valid values: 1.0, 1.1, and 1.2. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature.	1.1
Certificate	string	No	The custom certificate. The custom certificate is in the `PFX` format. Public endpoint: `oss-<The ID of the region>.aliyuncs.com:<The name of the bucket>:<The name of the certificate file (The file name contains the extension.)>` Internal endpoint: `oss-<The ID of the region>-internal.aliyuncs.com:<The name of the bucket>:<The name of the certificate file (The file name contains the extension.)>`	oss-cn-beijing-internal.aliyuncs.com:zhttest:test.pfx
PassWord	string	No	The password of the certificate.	zht123456

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
RequestId	string	The ID of the request.	777C4593-8053-427B-99E2-105593277CAB

Examples

Sample success responses

JSONformat

{
  "RequestId": "777C4593-8053-427B-99E2-105593277CAB"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidServerCertOrPrivateKey	Specify server certificate or private key is invalid.	The server certificate type or the private key is invalid.
400	InvalidClientCACert	Specify client ca certificate is invalid.	The client CA certificate is invalid.
400	InvalidClientCrl	Specify client certificate revocation list is invalid.	The client CRL is invalid.
400	InvalidCAType.NotFound	Specify ca type is not found.	The server certificate type is invalid.
400	InvalidACL.NotFound	Specify acl is not found.	The access control type is invalid.
400	InvalidSSLStatus	Specify ssl status is invalid.	The operation failed. The setting of SSL encryption is invalid.
400	IncorrectDBSslStatus	Specified DB SSLStatus does not support this operation.	The specified database SSL status is invalid.
400	InvalidModifyMode.Format	Specified modify mode is not valid.	-
400	Order.ComboInstanceNotAllowOperate	A package instance is not allowed to operate independently.	A package instance is not allowed to operate independently.
400	Price.PricingPlanResultNotFound	Pricing plan price result not found.	Pricing plan price result not found.
400	Order.NoRealNameAuthentication	You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication.	You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication.
400	InsufficientAvailableQuota	Your account quota limit is less than 0, please recharge before trying to purchase.	Your account available limit is less than 0, please recharge before trying to purchase.
400	CommodityServiceCalling.Exception	Failed to call commodity service.	Failed to call commodity service return.
400	RegionDissolvedEOM	Dear customer, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will cease operations. You are currently unable to operate new purchase orders. Thank you for your understanding and support.	Hello, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will stop operating. In order to ensure your business continuity and smooth transition of data migration, you are currently unable to operate new purchase orders. Thank you for your understanding and support.
400	Commodity.InvalidComponent	The module you purchased is not legal, please buy it again.	The module you purchased is not legal, please buy it again.
400	RegionEndTimeDissolvedIndia	Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024.	Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024.
400	RegionEndTimeDissolvedAustralia	Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024.	Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024.
400	Price.CommoditySys	Commodity system call exception.	Commodity system call exception.
400	Pay.InsufficientBalance	Insufficient available balance.	Insufficient available balance.
400	Order.PeriodInvalid	There is a problem with the period you selected, please choose again.	There is a problem with the period you selected, please choose again.
400	pay.noCreditCard	Account not bound to credit card.	-
400	Order.InstHasUnpaidOrder	There is an unpaid order for the service you have purchased. Please pay or void it before placing the order.	There is an unpaid order for the service you have purchased. Please pay or void it before placing the order.
400	noAvailablePaymentMethod	No payment method is specified for your account. We recommend that you add a payment method.	-
400	BasicInfoUncompleted	Your information is incomplete. Complete your information before the operation.	Your basic information is not complete, please complete your basic information before operation.
403	InvalidClientCrl.Permission	Client ca certificate is set first if need to set client certificate revocation list.	The operation failed due to permission errors. Configure the client CA certificate and try again.
403	InvalidACL.Permission	Client ca certificate is set first if need to set acl.	The operation failed. Configure the client CA certificate and try again.
404	Endpoint.NotFound	Specified endpoint is not existed.	-

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2024-02-27

The Error code has changed. The request parameters of the API has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 403
	delete Error Codes: 404
Input Parameters	The request parameters of the API has changed.
	Added Input Parameters: Certificate
	Added Input Parameters: PassWord

2023-12-20

The Error code has changed. The request parameters of the API has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 403
	delete Error Codes: 404
Input Parameters	The request parameters of the API has changed.
	Added Input Parameters: ForceEncryption
	Added Input Parameters: TlsVersion

2023-09-08

The Error code has changed

see changesets

Change item	Change content
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 403
	Added Error Codes: 404

2022-06-23

API Description Update. The Error code has changed

see changesets

Change item	Change content
API Description	API Description Update.
Error Codes	The Error code has changed.
	delete Error Codes: 400
	delete Error Codes: 403