Using SSL for Cloud Database instances#
SSL (Secure Sockets Layer) is a security protocol that uses encryption technology to ensure that your sensitive information sent over the internet is protected.
Cloud Databases installs a certificate on the database instance at the time of provisioning.
All database instances created before October 20, 2014 should be restarted before accepting SSL connections.
To use SSL, perform the following steps:
For encrypting connections using SSL, download the certificate from one of the following URLs:
- For servers created before March 1, 2016: http://ssl.rackspaceclouddb.com/ca-cert.pem.
- For servers created on or after March 1, 2016: http://ssl.rackspaceclouddb.com/rackspace-ca-2016.pem.
To use SSL with the default MySQL command line, pass the downloaded SSL certificate to the client at startup:
For additional information, see the MySQL documentation.
(Optional) To set up restrictions on a user to require SSL for communicating with the database, MySQL supports GRANT statement modifier “REQUIRE SSL”. For example, to restrict ‘database_user’ to read, write, delete on prod_database only using secure SSL connection, login to MySQL as root and then issue the following command:
GRANT SELECT, INSERT, UPDATE, DELETE ON prod_database.* TO 'database_user'@'%' REQUIRE SSL;
If the user already exists, you must revoke all existing privileges for the user and then use the preceding grant statement to give appropriate privileges to the user. Then remember to FLUSH PRIVILEGES to make the privilege changes take effect.
Using SSL encryption is a resource intensive operation and may have some impact on the latency of your database connection.