As a DBaaS (Database as a Service) provider, we prioritize the security and privacy of
our customers' data. To ensure secure communication between client applications
and the databases provisioned through our control plane, we offer SSL (Secure
Sockets Layer) connectivity options. Below is an overview of our SSL certificate
management process.
SSL Certificate Generation
Root CA Certificate Generation
At the tenant level, we generate a self-signed root CA (Certificate Authority)certificate. This root CA certificate serves as the highest level of trust within the SSL/TLS (Transport Layer Security) infrastructure.
Each tenant receives a unique root CA certificate, ensuring isolation and security at the individual customer level.
The root CA certificate has a predefined expiry time of 5 years, providing long-term validity and stability for SSL connections.
CA Certificate Generation for DB Services
For each managed database service provisioned through our control plane, we generate a unique CA certificate signed by the corresponding tenant's rootCA certificate.
These CA certificates serve as intermediaries, allowing for the issuance of SSL certificates specific to each DB service.
By generating individual CA certificates for each DB service, we ensure granularity and security, enabling precise control over SSL connectivity.
Implementation and Benefits
Secure Communication: SSL certificates, issued by individual CA certificates, encrypt data transmitted between client applications and managed databases, protecting it from interception and unauthorized access.
Authentication: The use of CA certificates enables mutual authentication between client applications and database services, ensuring the integrity of the communication channel.
Isolation: Each tenant's SSL infrastructure is isolated, with unique root CA certificates generated per tenant. This ensures that certificates and private keys are not shared across tenants, enhancing security and compliance.
Long-term Validity: The root CA certificate's 5-year expiry time provides stability and continuity for SSL connections, minimizing the need for frequent certificate renewal and maintenance.
Customization: Our SSL certificate management process is flexible, allowing for customization based on tenant requirements and security policies.
Conclusion
By offering SSL connectivity options with individualized CA certificate management, we uphold the highest standards of security and privacy for our customers' data. Our robust SSL infrastructure, including self-signed root CA certificates and individually generated CA certificates for DB services, ensures encrypted communication and trustworthiness, reinforcing our commitment to delivering a secure and reliable DBaaS solution.