All Products
Search
Document Center

ApsaraDB RDS:ModifyDBInstanceSSL

Last Updated:Dec 05, 2024

Modifies the SSL encryption settings of an instance.

Operation description

Supported database engines

  • MySQL
  • PostgreSQL
  • SQL Server

References

Note Before you call this operation, read the following documentation and make sure that you fully understand the prerequisites and impacts of this operation.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
rds:ModifyDBInstanceSSLupdate
*DBInstance
acs:rds:{#regionId}:{#accountId}:dbinstance/{#dbinstanceId}
  • rds:ResourceTag
  • rds:SSLEnabled
none

Request parameters

ParameterTypeRequiredDescriptionExample
DBInstanceIdstringYes

The instance ID. You can call the DescribeDBInstances operation to query the instance ID.

rm-uf6wjk5xxxxxxx
ConnectionStringstringYes

The internal or public endpoint for which the server certificate needs to be created or updated.

rm-uf6wjk5xxxxx.mysql.rds.aliyuncs.com
SSLEnabledintegerNo

Specifies whether to enable or disable the SSL encryption feature. Valid values:

  • 1: enables the feature.
  • 0: disables the feature.
1
CATypestringNo

The type of the server certificate. This parameter is supported only when the instance runs MySQL or PostgreSQL with cloud disks. If you set SSLEnabled to 1, the default value of this parameter is aliyun. Valid values:

  • aliyun: a cloud certificate
  • custom: a custom certificate
aliyun
ServerCertstringNo

The content of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.

-----BEGIN CERTIFICATE-----MIID*****QqEP-----END CERTIFICATE-----
ServerKeystringNo

The private key of the server certificate. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when CAType is set to custom.

-----BEGIN PRIVATE KEY-----MIIE****ihfg==-----END PRIVATE KEY-----
ClientCAEnabledintegerNo

Specifies whether to enable the public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. Valid values:

  • 1: enables the public key.
  • 0: disables the public key.
1
ClientCACertstringNo

The public key of the CA that issues client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCAEbabled is set to 1.

-----BEGIN CERTIFICATE-----MIID*****viXk=-----END CERTIFICATE-----
ClientCrlEnabledintegerNo

Specifies whether to enable a certificate revocation list (CRL) that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • 1: enables the CRL.
  • 0: disables the CRL.
1
ClientCertRevocationListstringNo

The CRL that contains revoked client certificates. This parameter is supported only when the instance runs PostgreSQL with cloud disks. This parameter must be specified when ClientCrlEnabled is set to 1.

-----BEGIN X509 CRL-----MIIB****19mg==-----END X509 CRL-----
ACLstringNo

The method that is used to verify the identities of clients. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • prefer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)
cert
ReplicationACLstringNo

The method that is used to verify the replication permission. This parameter is supported only when the instance runs PostgreSQL with cloud disks. In addition, this parameter is available only when the public key of the CA that issues client certificates is enabled. Valid values:

  • cert
  • prefer
  • verify-ca
  • verify-full (supported only when the instance runs PostgreSQL 12 or later)
cert
ForceEncryptionstringNo

Specifies whether to enable the forceful SSL encryption feature. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature. Valid values:

  • 1: enables the feature.
  • 0: disables the feature.
1
TlsVersionstringNo

The minimum Transport Layer Security (TLS) version. Valid values: 1.0, 1.1, and 1.2. This parameter is supported only for ApsaraDB RDS for SQL Server instances. For more information, see Configure the SSL encryption feature.

1.1
CertificatestringNo

The custom certificate. The custom certificate is in the PFX format.

  • Public endpoint: oss-<The ID of the region>.aliyuncs.com:<The name of the bucket>:<The name of the certificate file (The file name contains the extension.)>
  • Internal endpoint: oss-<The ID of the region>-internal.aliyuncs.com:<The name of the bucket>:<The name of the certificate file (The file name contains the extension.)>
oss-cn-beijing-internal.aliyuncs.com:zhttest:test.pfx
PassWordstringNo

The password of the certificate.

zht123456

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

RequestIdstring

The ID of the request.

777C4593-8053-427B-99E2-105593277CAB

Examples

Sample success responses

JSONformat

{
  "RequestId": "777C4593-8053-427B-99E2-105593277CAB"
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidServerCertOrPrivateKeySpecify server certificate or private key is invalid.The server certificate type or the private key is invalid.
400InvalidClientCACertSpecify client ca certificate is invalid.The client CA certificate is invalid.
400InvalidClientCrlSpecify client certificate revocation list is invalid.The client CRL is invalid.
400InvalidCAType.NotFoundSpecify ca type is not found.The server certificate type is invalid.
400InvalidACL.NotFoundSpecify acl is not found.The access control type is invalid.
400InvalidSSLStatusSpecify ssl status is invalid.The operation failed. The setting of SSL encryption is invalid.
400IncorrectDBSslStatusSpecified DB SSLStatus does not support this operation.The specified database SSL status is invalid.
400InvalidModifyMode.FormatSpecified modify mode is not valid.-
400Order.ComboInstanceNotAllowOperateA package instance is not allowed to operate independently.A package instance is not allowed to operate independently.
400Price.PricingPlanResultNotFoundPricing plan price result not found.Pricing plan price result not found.
400Order.NoRealNameAuthenticationYou have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the user center for real-name authentication.You have not passed the real-name authentication and do not meet the purchase conditions. Please log in to the cost and cost for real-name authentication.
400InsufficientAvailableQuotaYour account quota limit is less than 0, please recharge before trying to purchase.Your account available limit is less than 0, please recharge before trying to purchase.
400CommodityServiceCalling.ExceptionFailed to call commodity service.Failed to call commodity service return.
400RegionDissolvedEOMDear customer, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will cease operations. You are currently unable to operate new purchase orders. Thank you for your understanding and support.Hello, Alibaba Cloud plans to optimize and adjust the current region. Cloud services in this region will stop operating. In order to ensure your business continuity and smooth transition of data migration, you are currently unable to operate new purchase orders. Thank you for your understanding and support.
400Commodity.InvalidComponentThe module you purchased is not legal, please buy it again.The module you purchased is not legal, please buy it again.
400RegionEndTimeDissolvedIndiaCloud services in the India (Mumbai) region will be discontinued. Set the validity date to July 15, 2024 or earlier than July 15, 2024.Hello customer, this area has been abolished.
400RegionEndTimeDissolvedAustraliaCloud services in the Australia (Sydney) region will be discontinued. Set the validity date to September 30, 2024 or earlier than September 30, 2024.Hello customer, this area has been abolished.
400Price.CommoditySysCommodity system call exception.Commodity system call exception.
400Pay.InsufficientBalanceInsufficient available balance.Insufficient available balance.
400Order.PeriodInvalidThere is a problem with the period you selected, please choose again.There is a problem with the period you selected, please choose again.
400pay.noCreditCardAccount not bound to credit card.-
400Order.InstHasUnpaidOrderThere is an unpaid order for the service you have purchased. Please pay or void it before placing the order.There is an unpaid order for the service you have purchased. Please pay or void it before placing the order.
400noAvailablePaymentMethodNo payment method is specified for your account. We recommend that you add a payment method.-
400BasicInfoUncompletedYour information is incomplete. Complete your information before the operation.Your basic information is not complete, please complete your basic information before operation.
400Risk.RiskControlRejectionYour account is abnormal, please contact customer service for details.Your account is abnormal, please contact customer service for details.
400BasicInfoUncompletedYour information is incomplete, Complete your information before the operation.-
400Api.NotSupportSpecified api is not supported.The current interface does not support.
400ContainForbiddenLabelErrorThere is a label that prohibits placing orders. Please contact your distributor for assistance.You cannot place the order because a tag indicates that order placement is prohibited. Contact your distributor.
400InvalidDBInstanceId.NotFoundThe DBInstanceId provided does not exist in records.The DBInstanceId provided does not exist.
400InvalidInstanceLevel.DiskTypeSpecified instance level not support request disk typeThe current instance type does not support the specified storage type.
400InvalidParamSepcified wal level Parameter is invalid. There are still logical slots in instance, so it can not be set as replica.The specified wal_level parameter is invalid. There is still a copy slot in the instance, so it cannot be set to replica.
400KmsApiErrorUser secret key invalid.The user key is invalid.
400System.SaleValidateFailedSales expression validation system error.A system error occurs when the sales expression is verified.
400Abs.InvalidAccount.NotFoundaccount is not found.The account does not exist.
400SqlExecuteFailedOrTimeoutsql command execution failed or timed out:%s.SQL command execution failed or timed out
400ColdData.EngineVersionNotSupportThe current instance engine version not support coldDataEnabled.The current instance engine version not support coldDataEnabled.
400ColdData.MinorVersionNotSupportThe current instance minor version not support coldDataEnabled.The current instance minor version not support coldDataEnabled.
400IncorrectTargetClasscodeThe current instance type does not support this operation.This operation is not supported by the instance type.
400InvalidConnectionString.DuplicateSpecified connection string already exists in the RDS.The link address name is duplicate. Please reset the connection string.
400RequiredParam.NotFoundRequired input param is not found.-
400Parameters.InvalidParameter error, please check the parameters.Parameter error, please check the parameters.
400BackupPolicyNotSupportCold Data won't open with CrossBackup or Flash Backup, please check Backup Policy.Cold Data won't open with CrossBackup or Flash Backup, please check Backup Policy.
400InvalideStatus.FormatThe instance status does not support this operation.-
400InvalidReleasedKeepPolicy.FormatSpecified Released Keep Policy is not valid.Specified Released Keep Policy is not valid.
400InvalidDBInstanceEngineType.Formatthe DB instance engine type does not support this operation.This operation is not supported for the database engine of the instance.
400Pay.NoCreditCardNo credit cards.No credit cards.
400VpcNetworkTypeNotSupportThe vpc network type instance does not support this operation.The vpc network type instance does not support this operation.
400MirrorInsExistsSpecified DB instance mirror ins already existed.Specified DB instance mirror ins already existed.
400UnsupportedClassCodeThe specified DB instance class stops selling.The specified DB instance class stops selling.
400InvalidBackupSetThe specified database does not exist in the backup set.The specified database does not exist in the backup set.
400OrdTCommodityQueryErrorFailed to query for product.Failed to query product.
403InvalidClientCrl.PermissionClient ca certificate is set first if need to set client certificate revocation list.The operation failed due to permission errors. Configure the client CA certificate and try again.
403InvalidACL.PermissionClient ca certificate is set first if need to set acl.The operation failed. Configure the client CA certificate and try again.
403OrderStatus.UnPaidThe specified db instance has unpaid order.The instance has an unpaid order. Please pay first and try again.
403InvalidReduceDiskSizeThe storage capacity after the scale-down must be larger than the used amount.The scale-in target capacity cannot be less than the current storage space usage
403CloudSSDNotSupportCloud ssd does not support this operation, please upgrade to essd.-
403InvalidUserOperatorPermissionThe user permission does not support this operation.The user is not authorized to perform this operation.
403InvalidVswitchIdSpecified conn vswitch id is not valid.-
403IncorrectMinorVersionCurrent engine minor version does not support operations.This operation is not supported for the current minor engine version.
403OperationDenied.ZoneResourceThere is no available zone for inventory.There is no available zone for inventory.
403NotInFlowControllerSorry,no permission.Sorry,no permission.
403InvalidKmsKeyKms key is disabled.-
403InvalidInstanceLevel.MalformedCurrent DB instance level does not support this operation.The specified database instance type does not support this operation.
404Endpoint.NotFoundSpecified endpoint is not existed.-
404InvalidClusterKmsThe current instance does not authorized to access the Key Management Service.The instance does not have permissions to access Key Management Service (KMS).
404Request.NotFoundThe requested resource is not available.The requested resources are unavailable.
404HostInfo.NotFoundThe specified host info is not found.-
500ExternalFailureThe request processing has failed due to external service failure.The request processing has failed due to external service failure.
500RequestMetaDataFailedThe service request failed. Please try again later or contact service personnel.The service request failed. Please try again later or contact service personnel.
500InvokeProxyFailureThe request processing has failed due to service failure of rds api.The request failed to be processed due to an RDS API failure.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-02-27The Error code has changed. The request parameters of the API has changedView Change Details
2023-12-20The Error code has changed. The request parameters of the API has changedView Change Details
2023-09-08The Error code has changedView Change Details
2022-06-23API Description Update. The Error code has changedView Change Details