百度智能云

All Product Document

          Relational Database Service

          SSL Encryption

          Feature overview

          To enhance the link security, you may enable SSL (Secure Sockets Layer) encryption, in addition to installing an SSL CA certificate to the desired application service. SSL encrypts the network connections at the transport layer, which helps ensure the data security and integrity during the transmission and rid you of worries about data transmission security. Despite this, the SSL encryption protocol leads to an increase in the network connection response time and RDS load.

          Enable/Disable SSL encryption

          Note: Instance is restarted when enabling or disabling SSL settings, so you need to operate with great care.

          1. Log in to Baidu AI Cloud management console, select “RDS”.
          2. Enter Basic Information page by a single click to target instance’s “Instance Name/ID”.

          Note: SSL encryption service is only tailored to the RDS for MySQL 5.7 dual-computer high availability version.

          1. On the left tab, select the “Security” page to enter the “Security” page.
          2. Select the SSL tag.
          3. In the “SSL settings”, enable/disable “SSL Security Access”. Change of status needs a few minutes, and see figure below for “Successful Enabling”.

          image.png

          1. After successful enabling, the system displays the protected address, client certificate’s effective date, and period of validity, etc.
          2. You may download the SSL CA certificate by single-click to “Download CA Certificate” at the lower part of the page shown on the figure above.

          Configure CA Certificate

          After enabling SSL encryption, the SSL CA certificate needs to be configured in case of an application or client’s connection to the RDS. MySQL Workbench is taken as an example to introduce the SSL CA certificate configuration method.

          1. Open MySQL Workbench
          2. Select Database>Manage Connections...
          3. Click the SSL tab to import the SSL CA certificate. See the figure below.

          Previous
          DB Firewall
          Next
          TDE