Configure SSL encryption
更新时间:
复制 MD 格式
Enable Secure Sockets Layer (SSL) encryption and install the CA certificate on your applications to secure data in transit. SSL encrypts connections at the transport layer, which improves data security and integrity but increases connection response time.
Usage notes
- An SSL certificate expires after one year. Renew it before expiration to avoid connection failures.
- SSL encryption can significantly increase CPU utilization. Enable it only for internet-facing instances — internal network connections are generally secure.
Enable SSL encryption
Warning This operation restarts the instance. Perform it during off-peak hours to avoid service interruptions.
- Log on to the AnalyticDB for PostgreSQL console.
- In the upper-left corner of the console, select a region.
- Find the instance that you want to manage and click the instance ID.
- In the left-side navigation pane, click Security Controls.
- Click the SSL Encryption tab.
- Turn on the SSL Encryption switch.
- In the Enable SSL Encryption dialog box, click OK.
- When the SSL Encryption status changes to Enabled, click Download Certificate.
The downloaded archive contains the following files:
- .p7b file: Imports the CA certificate into Windows.
- .pem file: Imports the CA certificate into other operating systems or applications.
- .jks file: Imports the CA certificate chain into Java applications. The keystore password is
apsaradb.For JDK 7 or JDK 8, modify the following settings in the
jre/lib/security/java.securityfile on the host:jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 224 jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024Without these changes, the following error may occur due to Java security configurations.
javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
Update the validity period
Warning This operation restarts the instance. Perform it during off-peak hours to avoid service interruptions.
- Log on to the AnalyticDB for PostgreSQL console.
- In the upper-left corner of the console, select a region.
- Find the instance that you want to manage and click the instance ID.
- In the left-side navigation pane, click Security Controls.
- Click the SSL Encryption tab.
- Click Update Validity next to SSL Encryption.
- In the Update SSL Certificate Validity dialog box, click OK.
Disable SSL encryption
Warning This operation restarts the instance. Perform it during off-peak hours to avoid service interruptions.
- Log on to the AnalyticDB for PostgreSQL console.
- In the upper-left corner of the console, select a region.
- Find the instance that you want to manage and click the instance ID.
- In the left-side navigation pane, click Security Controls.
- Click the SSL Encryption tab.
- Turn off the SSL Encryption switch.
- In the Disable SSL Encryption dialog box, click OK.
API reference
| API | Description |
| DescribeDBInstanceSSL | Queries SSL encryption details for an instance. |
| ModifyDBInstanceSSL | Enables or disables SSL encryption, or updates the validity period of an SSL certificate. |
该文章对您有帮助吗?