DescribeDBInstanceSSL - ApsaraDB RDS - Alibaba Cloud Documentation Center

Queries the SSL configurations of an instance.

Operation description

Supported database engines

RDS MySQL
RDS PostgreSQL
RDS SQL Server

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
DBInstanceId	string	Yes	The instance ID. You can call the DescribeDBInstances operation to query the instance ID.	rm-bp162dfr55g47****

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
ServerCert	string	The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----
ClientCACertExpireTime	string	The time when the public key of the CA that issues client certificates expires. This parameter is supported only when the instance runs PostgreSQL with cloud disks. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC. This parameter is not supported now.	-
RequireUpdateItem	string	The server certificate that needs to be updated. This parameter is supported only when the instance runs PostgreSQL with cloud disk.	-
ServerCAUrl	string	The URL of the certificate that is used to issue the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disk.	-
RequireUpdate	string	Indicates whether the server certificate needs to be updated. Valid values for ApsaraDB RDS for MySQL instances and ApsaraDB RDS for SQL Server instances: No Yes Valid values for ApsaraDB RDS for PostgreSQL instances: 0: no 1: yes	Yes
ClientCertRevocationList	string	The certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----
SSLExpireTime	string	The time when the server certificate expires. The time follows the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time is displayed in UTC.	2022-10-11T08:16:43Z
CAType	string	The type of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values: aliyun: a cloud certificate custom: a custom certificate	aliyun
SSLCreateTime	string	The time when the server certificate was created. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is valid only when the CAType parameter value is aliyun.	-
ReplicationACL	string	The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values: cert prefer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)	cert
ACL	string	The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values: cert prefer verify-ca verify-full (supported only when the instance runs PostgreSQL 12 or later)	cert
RequestId	string	The ID of the request.	7705151C-E242-55AF-9929-2A3C39D979D2
LastModifyStatus	string	The status of the SSL link. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values: success setting failed	setting
SSLEnabled	string	Indicates whether SSL encryption is enabled. Valid values for ApsaraDB RDS for MySQL instances and ApsaraDB RDS for SQL Server instances: Yes No Valid values for ApsaraDB RDS for PostgreSQL instances: on: enabled off: disabled	Yes
ConnectionString	string	The endpoint that is protected by SSL encryption.	rm-bp162dfr55g47****.mysql.rds.aliyuncs.com
RequireUpdateReason	string	The reason why the server certificate needs to be updated. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	-
ClientCACert	string	The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----
ServerKey	string	The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----
ModifyStatusReason	string	The reason why the SSL link stays in the current state. This parameter is supported only when the instance runs PostgreSQL with cloud disks.	Modify DB Instance SSL Config.
ForceEncryption	string	Indicates whether the forceful SSL encryption feature is enabled. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. 1: enabled 0: The feature is disabled.	1
TlsVersion	string	The minimum Transport Layer Security (TLS) version. Valid values: 1.0, 1.1, and 1.2. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature.	1.1

Examples

Sample success responses

JSONformat

{
  "ServerCert": "-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----",
  "ClientCACertExpireTime": "-",
  "RequireUpdateItem": "-",
  "ServerCAUrl": "-",
  "RequireUpdate": "Yes",
  "ClientCertRevocationList": "-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----",
  "SSLExpireTime": "2022-10-11T08:16:43Z",
  "CAType": "aliyun",
  "SSLCreateTime": "-",
  "ReplicationACL": "cert",
  "ACL": "cert",
  "RequestId": "7705151C-E242-55AF-9929-2A3C39D979D2",
  "LastModifyStatus": "setting",
  "SSLEnabled": "Yes",
  "ConnectionString": "rm-bp162dfr55g47****.mysql.rds.aliyuncs.com",
  "RequireUpdateReason": "-",
  "ClientCACert": "-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----",
  "ServerKey": "-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----",
  "ModifyStatusReason": "Modify DB Instance SSL Config.",
  "ForceEncryption": "1",
  "TlsVersion": "1.1"
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvaildEngineInRegion.ValueNotSupported	The engine is not supported in the region.	The database engine version is invalid.
400	InvalideStatus.Format	Specified Status is not valid.	-
400	Order.ComboInstanceNotAllowOperate	A package instance is not allowed to operate independently.	A package instance is not allowed to operate independently.
400	Price.PricingPlanResultNotFound	Pricing plan price result not found.	Pricing plan price result not found.
400	Order.NoRealNameAuthentication	You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication.	You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication.
400	InsufficientAvailableQuota	Your account quota limit is less than 0, please recharge before trying to purchase.	Your account available limit is less than 0, please recharge before trying to purchase.
400	CommodityServiceCalling.Exception	Failed to call commodity service.	Failed to call commodity service return.
400	RegionDissolvedEOM	Dear customer, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will cease operations. You are currently unable to operate new purchase orders. Thank you for your understanding and support.	Hello, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will stop operating. In order to ensure your business continuity and smooth transition of data migration, you are currently unable to operate new purchase orders. Thank you for your understanding and support.
400	Commodity.InvalidComponent	The module you purchased is not legal, please buy it again.	The module you purchased is not legal, please buy it again.
400	RegionEndTimeDissolvedIndia	Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024.	Cloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024.
400	RegionEndTimeDissolvedAustralia	Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024.	Cloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024.
400	Price.CommoditySys	Commodity system call exception.	Commodity system call exception.
400	Pay.InsufficientBalance	Insufficient available balance.	Insufficient available balance.
400	Order.PeriodInvalid	There is a problem with the period you selected, please choose again.	There is a problem with the period you selected, please choose again.
400	pay.noCreditCard	Account not bound to credit card.	-
400	Order.InstHasUnpaidOrder	There is an unpaid order for the service you have purchased. Please pay or void it before placing the order.	There is an unpaid order for the service you have purchased. Please pay or void it before placing the order.
400	noAvailablePaymentMethod	No payment method is specified for your account. We recommend that you add a payment method.	-
400	BasicInfoUncompleted	Your information is incomplete. Complete your information before the operation.	Your basic information is not complete, please complete your basic information before operation.
400	Risk.RiskControlRejection	Your account is abnormal, please contact customer service for details.	Your account is abnormal, please contact customer service for details.
400	BasicInfoUncompleted	Your information is incomplete, Complete your information before the operation.	-
400	Api.NotSupport	Specified api is not supported.	The current interface does not support.
400	ContainForbiddenLabelError	There is a label that prohibits placing orders. Please contact your distributor for assistance.	You cannot place the order because a tag indicates that order placement is prohibited. Contact your distributor.
400	InvalidDBInstanceId.NotFound	The DBInstanceId provided does not exist in records.	The DBInstanceId provided does not exist.
400	InvalidInstanceLevel.DiskType	Specified instance level not support request disk type	The current instance type does not support the specified storage type.
400	InvalidParam	Sepcified wal level Parameter is invalid. There are still logical slots in instance, so it can not be set as replica.	The specified wal_level parameter is invalid. There is still a copy slot in the instance, so it cannot be set to replica.
400	KmsApiError	User secret key invalid.	The user key is invalid.
400	System.SaleValidateFailed	Sales expression validation system error.	A system error occurs when the sales expression is verified.
400	Abs.InvalidAccount.NotFound	account is not found.	The account does not exist.
400	SqlExecuteFailedOrTimeout	sql command execution failed or timed out:%s.	SQL command execution failed or timed out
403	OperationDenied.DBInstanceType	The operation is not permitted due to type of the instance.	The current instance type does not support this operation.
403	InstanceEngineType.NotSupport	The instance engine and type does not support operations	The operation failed. The operation is not supported for the database engine that is run on the RDS instance.
403	IncorrectEngineVersion	Current engine version does not support operations.	The operation failed. The operation is not supported for the version of the database engine that is run on the RDS instance.
403	IncorrectDBInstanceState	Current DB instance state does not support this operation.	-
403	IncorrectDBInstanceType	Current DB instance type does not support this operation.	The operation failed. The RDS instance is not in a ready state.
403	IncorrectDBInstanceLockMode	Current DB instance lock mode does not support this operation.	The operation failed. The RDS instance is locked.
403	ConnectionStringLengthExceeded	Connection String is too long.	The endpoint is exceedingly long. Modify the endpoint and try again.
403	ResourceConfigError	The request processing has failed due to resource config error.	-
403	OrderStatus.UnPaid	The specified db instance has unpaid order.	The instance has an unpaid order. Please pay first and try again.
403	InvalidReduceDiskSize	The storage capacity after the scale-down must be larger than the used amount.	The scale-in target capacity cannot be less than the current storage space usage
403	CloudSSDNotSupport	Cloud ssd does not support this operation, please upgrade to essd.	-
403	InvalidUserOperatorPermission	The user permission does not support this operation.	The user is not authorized to perform this operation.
403	InvalidVswitchId	Specified conn vswitch id is not valid.	-
404	InvalidDBInstanceId.NotFound	The specified instance is not found.	The RDS instance cannot be found. Check whether the RDS instance is created within the logged-on account.
404	EnabledSSLNotSupport	Specified region does not support enable ssl.	SSL encryption is not supported in the region.
404	InvalidConnectionString.NotFound	Specified connection string or net type is not found.	The endpoint cannot be found. Check the endpoint.
404	InvalidClusterKms	The current instance does not authorized to access the Key Management Service.	The instance does not have permissions to access Key Management Service (KMS).
500	ExternalFailure	The request processing has failed due to external service failure.	The request processing has failed due to external service failure.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-06-05	The Error code has changed	View Change Details
2023-12-20	The Error code has changed. The response structure of the API has changed	View Change Details
2022-06-23	API Description Update. The Error code has changed	View Change Details