All Products
Search
Document Center

ApsaraDB RDS:Configure SSL encryption for a proxy endpoint

Last Updated:Aug 31, 2023

This topic describes how to configure SSL encryption for a proxy endpoint on an ApsaraDB RDS for MySQL instance. The dedicated proxy of your RDS instance provides advanced features, such as proxy terminal, connection pooling, and transaction splitting. You can use SSL encryption to protect the data that is destined for a proxy endpoint.

Prerequisites

  • The RDS instance runs one of the following MySQL versions:

    • MySQL 8.0 with a minor engine version of 20200831 or later on RDS High-availability Edition

    • MySQL 8.0 on RDS Cluster Edition

    • MySQL 5.7 on RDS Cluster Edition

    • MySQL 5.7 with a minor engine version of 20200831 or later on RDS High-availability Edition

    • MySQL 5.6 with a minor engine version of 20200831 or later on RDS High-availability Edition

    Note

    If your RDS instance is attached with read-only RDS instances, the read-only RDS instances must meet the requirements that are described in Update the minor engine version.

  • The dedicated proxy is enabled. For more information, see Enable the dedicated proxy for an ApsaraDB RDS for MySQL instance.

  • The dedicated proxy version of your RDS instance is V1.12.8 or later. For more information, see Upgrade the dedicated proxy version of an ApsaraDB RDS for MySQL instance.

  • The total length of the proxy endpoint that you want to protect does not exceed 64 characters.

Usage notes

  • SSL encryption can be configured for only one proxy endpoint per proxy terminal.

  • If you enable or disable SSL encryption, change the protected proxy endpoint, or update the validity period of the SSL certificate, your RDS instance restarts. Proceed with caution.

Enable SSL encryption

Important

This operation triggers a restart of your RDS instance. Proceed with caution.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Proxy.

  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

  4. Find the proxy terminal to which the proxy endpoint that you want to protect belongs. Turn on the switch next to SSL Certificate Information. In the dialog box that appears, select the proxy endpoint that you want to protect, and click OK.

Change the protected proxy endpoint

Important

This operation triggers an update to the validity period of the SSL certificate. This operation also triggers a restart of your RDS instance. Proceed with caution.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Proxy.

  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

  4. Find the proxy terminal to which the protected proxy endpoint belongs. Click Change Protected Endpoint to the right of Protected Endpoint. In the dialog box that appears, select a new proxy endpoint and click OK.

Update the validity period of the SSL certificate

Important

This operation triggers a restart of your RDS instance. Proceed with caution.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Proxy.

  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

  4. Find the proxy terminal to which the protected proxy endpoint belongs. Click Update Expiration Time to the right of SSL Certificate Information. In the message that appears, click OK.

Disable SSL encryption

Important

This operation triggers a restart of your RDS instance. Proceed with caution.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Proxy.

  3. Click the Proxy Terminal (Original Read/Write Splitting) tab.

  4. Find the proxy terminal to which the protected proxy endpoint belongs. Turn off the switch next to SSL Certificate Information. In the message that appears, click OK.

Related operations

Operation

Description

ModifyDbProxyInstanceSsl

Configures SSL encryption for a proxy endpoint of an instance.

GetDbProxyInstanceSsl

Queries the SSL encryption settings for a proxy endpoint of an instance.