SSL Encryption
Feature overview
To enhance the link security, you may enable SSL (Secure Sockets Layer) encryption, in addition to installing an SSL CA certificate to the desired application service. SSL encrypts the network connections at the transport layer, which helps ensure the data security and integrity during the transmission and rid you of worries about data transmission security. Despite this, the SSL encryption protocol leads to an increase in the network connection response time and RDS load.
Enable/Disable SSL encryption
Note: Instance is restarted when enabling or disabling SSL settings, so you need to operate with great care.
- Log in to Baidu AI Cloud management console, select “RDS”.
- Enter Basic Information page by a single click to target instance’s “Instance Name/ID”.
Note: SSL encryption service is only tailored to the RDS for MySQL 5.7 dual-computer high availability version.
- On the left tab, select the “Security” page to enter the “Security” page.
- Select the SSL tag.
- In the “SSL settings”, enable/disable “SSL Security Access”. Change of status needs a few minutes, and see figure below for “Successful Enabling”.
- After successful enabling, the system displays the protected address, client certificate’s effective date, and period of validity, etc.
- You may download the SSL CA certificate by single-click to “Download CA Certificate” at the lower part of the page shown on the figure above.
Configure CA Certificate
After enabling SSL encryption, the SSL CA certificate needs to be configured in case of an application or client’s connection to the RDS. MySQL Workbench is taken as an example to introduce the SSL CA certificate configuration method.
- Open MySQL Workbench
- Select Database>Manage Connections...
- Click the SSL tab to import the SSL CA certificate. See the figure below.