Secure Sockets Layer (SSL) authentication is a process that authenticates the connection from the user client to the TencentDB server. After SSL encryption is enabled, you can get a CA certificate and upload it to the server. Then, when the client accesses the database, the SSL protocol will be activated to establish an SSL secure channel between the client and the server. This implements encrypted data transfer, prevents data from being intercepted, tampered with, and eavesdropped during transfer, and ultimately ensures the data security for both the client and the server.
Note
The SSL encryption is being gradually released in regions. To try it out, [submit a ticket](https://console.tencentcloud.com/workorder/category
Billing Details
SSL encryption is free of charge.
Precautions
Enabling SSL encryption ensures the security of data access and transfer but may slightly affect the instance performance. We recommend you enable it only when encryption is required.
When SSL encryption is enabled, password-free access cannot be supported.
After the SSL encryption feature is disabled, clients using encrypted connections will not be able to connect properly.
The SSL certificate is valid for 20 years.
Version and Architecture Requirements
Version Description
New instances: If the compatible version is 4.0, 5.0, or 6.2, SSL encryption can be enabled directly. To use it on v6.0, submit a ticket for application.
Existing instances:
If the compatible version is 2.8, SSL encryption can be enabled after the version is upgraded to version 4.0, 5.0, or 6.2. For more information, see Upgrading Instance Version.
If the compatible version is 4.0, 5.0, or 6.0, the feature can be enabled after the proxy version is upgraded to 5.6.0. For more information, see Upgrading Proxy.
Architecture
Both standard architectures and cluster architecture support SSL encryption.
Prerequisites
The database instance is in Running status, with no ongoing tasks.
The operation is performed in off-peak hours, or the client has an automatic reconnection mechanism.
2. Above the Instance List on the right, select the region.
3. In the instance list, find the target instance.
4. In the Instance ID/Name column of the target instance, click the instance ID to enter the Instance Details page.
5. Click the SSL Encryption tab. If the system prompts you to upgrade the version under SSL Encryption Settings, click Upgrade Version, and wait until the version is successfully upgraded.
6. After Encryption Status, click
to display Updating SSL status....
7. Wait for Encryption Status to become Enabled and click Download Certificate in the upper right corner.
8. Wait for the Enable SSL status to become Enabled and click Download Certificate.
9. In the bottom-left corner of the page, upload the obtained certificate -crt.zip to the server, and then you can access the database over SSL.
For client connection code samples, see Java Connection Sample and Python Connection Sample.
Yes
No
Was this page helpful?