All Products
Search

This Product

    ApsaraDB RDS:Configure SSL encryption for a dedicated proxy endpoint

    Document Center

    ApsaraDB RDS:Configure SSL encryption for a dedicated proxy endpoint

    Last Updated:Oct 26, 2023

    This topic describes how to configure SSL encryption for a dedicated proxy endpoint on an ApsaraDB RDS for MySQL instance. The dedicated proxy of your RDS instance provides advanced features, such as proxy terminal, connection pooling, and transaction splitting. You can use SSL encryption to protect the data that is destined for a dedicated proxy endpoint.

    Prerequisites

    • The RDS instance runs one of the following MySQL versions:

      • MySQL 8.0 with a minor engine version of 20200831 or later on RDS High-availability Edition

      • MySQL 8.0 on RDS Cluster Edition

      • MySQL 5.7 on RDS Cluster Edition

      • MySQL 5.7 with a minor engine version of 20200831 or later on RDS High-availability Edition

      • MySQL 5.6 with a minor engine version of 20200831 or later on RDS High-availability Edition

      Note

      If your RDS instance is attached with read-only RDS instances, the read-only RDS instances must meet the requirements that are described in Update the minor engine version.

    • The dedicated proxy is enabled. For more information, see Enable and configure the dedicated proxy feature.

    • The dedicated proxy version of your RDS instance is V1.12.8 or later. For more information, see Upgrade the dedicated proxy version of an ApsaraDB RDS for MySQL instance.

    • The total length of the dedicated proxy endpoint that you want to protect does not exceed 64 characters.

    Usage notes

    • SSL encryption can be configured for only one dedicated proxy endpoint per proxy terminal.

    • If you enable or disable SSL encryption, change the protected dedicated proxy endpoint, or update the validity period of the SSL certificate, your RDS instance restarts. Proceed with caution.

    Enable SSL encryption

    Important

    This operation triggers a restart of your RDS instance. Proceed with caution.

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane, click Database Proxy.

    3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

    4. Find the proxy terminal to which the dedicated proxy endpoint that you want to protect belongs. Turn on the switch next to SSL Certificate Information. In the dialog box that appears, select the dedicated proxy endpoint that you want to protect, and click OK.

    Change the protected dedicated proxy endpoint

    Important

    This operation triggers an update to the validity period of the SSL certificate. This operation also triggers a restart of your RDS instance. Proceed with caution.

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane, click Database Proxy.

    3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

    4. Find the proxy terminal to which the protected dedicated proxy endpoint belongs. Click Change Protected Endpoint to the right of Protected Endpoint. In the dialog box that appears, select a new dedicated proxy endpoint and click OK.

    Update the validity period of the SSL certificate

    Important

    This operation triggers a restart of your RDS instance. Proceed with caution.

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane, click Database Proxy.

    3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

    4. Find the proxy terminal to which the protected dedicated proxy endpoint belongs. Click Update Expiration Time to the right of SSL Certificate Information. In the message that appears, click OK.

    Disable SSL encryption

    Important

    This operation triggers a restart of your RDS instance. Proceed with caution.

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane, click Database Proxy.

    3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

    4. Find the proxy terminal to which the protected dedicated proxy endpoint belongs. Turn off the switch next to SSL Certificate Information. In the message that appears, click OK.

    Related operations

    Operation

    Description

    ModifyDbProxyInstanceSsl

    Configures SSL encryption for a proxy endpoint of an instance.

    GetDbProxyInstanceSsl

    Queries the SSL encryption settings for a proxy endpoint of an instance.