Modifies the SSL encryption settings of an instance.
Operation description
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
rds:ModifyDBInstanceSSL | WRITE |
|
| none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
DBInstanceId | string | Yes | The instance ID. You can call the DescribeDBInstances operation to query the instance ID. | rm-uf6wjk5xxxxxxx |
ConnectionString | string | Yes | The internal or public endpoint for which the server certificate needs to be created or updated. | rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com |
SSLEnabled | integer | No | Specifies whether to enable or disable the SSL encryption feature. Valid values:
| 1 |
CAType | string | No | The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. If you set SSLEnabled to 1, the default value of this parameter is aliyun. Valid values:
| aliyun |
ServerCert | string | No | The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom. | -----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE----- |
ServerKey | string | No | The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom. | -----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY----- |
ClientCAEnabled | integer | No | Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:
| 1 |
ClientCACert | string | No | The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCAEbabled is set to 1. | -----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE----- |
ClientCrlEnabled | integer | No | Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:
| 1 |
ClientCertRevocationList | string | No | The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCrlEnabled is set to 1. | -----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL----- |
ACL | string | No | The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:
| cert |
ReplicationACL | string | No | The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:
| cert |
ForceEncryption | string | No | Specifies whether to enable the forceful SSL encryption feature. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. Valid values:
| 1 |
TlsVersion | string | No | The minimum Transport Layer Security (TLS) version. Valid values: 1.0, 1.1, and 1.2. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. | 1.1 |
Certificate | string | No | The custom certificate. The custom certificate is in the
| oss-cn-beijing-internal.aliyuncs.com:zhttest:test.pfx |
PassWord | string | No | The password of the certificate. | zht123456 |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "777C4593-8053-427B-99E2-105593277CAB"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidServerCertOrPrivateKey | Specify server certificate or private key is invalid. | The server certificate type or the private key is invalid. |
400 | InvalidClientCACert | Specify client ca certificate is invalid. | The client CA certificate is invalid. |
400 | InvalidClientCrl | Specify client certificate revocation list is invalid. | The client CRL is invalid. |
400 | InvalidCAType.NotFound | Specify ca type is not found. | The server certificate type is invalid. |
400 | InvalidACL.NotFound | Specify acl is not found. | The access control type is invalid. |
400 | InvalidSSLStatus | Specify ssl status is invalid. | The operation failed. The setting of SSL encryption is invalid. |
400 | IncorrectDBSslStatus | Specified DB SSLStatus does not support this operation. | The specified database SSL status is invalid. |
400 | InvalidModifyMode.Format | Specified modify mode is not valid. | - |
400 | Order.ComboInstanceNotAllowOperate | A package instance is not allowed to operate independently. | A package instance is not allowed to operate independently. |
400 | Price.PricingPlanResultNotFound | Pricing plan price result not found. | Pricing plan price result not found. |
400 | Order.NoRealNameAuthentication | You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication. | You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication. |
400 | InsufficientAvailableQuota | Your account quota limit is less than 0, please recharge before trying to purchase. | Your account available limit is less than 0, please recharge before trying to purchase. |
400 | CommodityServiceCalling.Exception | Failed to call commodity service. | Failed to call commodity service return. |
400 | RegionDissolvedEOM | Dear customer, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will cease operations. You are currently unable to operate new purchase orders. Thank you for your understanding and support. | Hello, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will stop operating. In order to ensure your business continuity and smooth transition of data migration, you are currently unable to operate new purchase orders. Thank you for your understanding and support. |
400 | Commodity.InvalidComponent | The module you purchased is not legal, please buy it again. | The module you purchased is not legal, please buy it again. |
400 | RegionEndTimeDissolvedIndia | Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024. | Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024. |
400 | RegionEndTimeDissolvedAustralia | Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024. | Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024. |
400 | Price.CommoditySys | Commodity system call exception. | Commodity system call exception. |
400 | Pay.InsufficientBalance | Insufficient available balance. | Insufficient available balance. |
400 | Order.PeriodInvalid | There is a problem with the period you selected, please choose again. | There is a problem with the period you selected, please choose again. |
400 | pay.noCreditCard | Account not bound to credit card. | - |
400 | Order.InstHasUnpaidOrder | There is an unpaid order for the service you have purchased. Please pay or void it before placing the order. | There is an unpaid order for the service you have purchased. Please pay or void it before placing the order. |
400 | noAvailablePaymentMethod | No payment method is specified for your account. We recommend that you add a payment method. | - |
400 | BasicInfoUncompleted | Your information is incomplete. Complete your information before the operation. | Your basic information is not complete, please complete your basic information before operation. |
403 | InvalidClientCrl.Permission | Client ca certificate is set first if need to set client certificate revocation list. | The operation failed due to permission errors. Configure the client CA certificate and try again. |
403 | InvalidACL.Permission | Client ca certificate is set first if need to set acl. | The operation failed. Configure the client CA certificate and try again. |
404 | Endpoint.NotFound | Specified endpoint is not existed. | - |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2024-02-27 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||||
| ||||||||||||||||
2023-12-20 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||||
| ||||||||||||||||
2023-09-08 | The Error code has changed | see changesets | ||||||||||||||
| ||||||||||||||||
2022-06-23 | API Description Update. The Error code has changed | see changesets | ||||||||||||||
|