Skip to main content
All CollectionsGeneralSecurity
How are SSL Certificates configured for databases?
How are SSL Certificates configured for databases?
Bakul Banthia avatar
Written by Bakul Banthia
Updated over 10 months ago

As a DBaaS (Database as a Service) provider, we prioritize the security and privacy of

our customers' data. To ensure secure communication between client applications

and the databases provisioned through our control plane, we offer SSL (Secure

Sockets Layer) connectivity options. Below is an overview of our SSL certificate

management process.

SSL Certificate Generation

Root CA Certificate Generation

  • At the tenant level, we generate a self-signed root CA (Certificate Authority)certificate. This root CA certificate serves as the highest level of trust within the SSL/TLS (Transport Layer Security) infrastructure.

  • Each tenant receives a unique root CA certificate, ensuring isolation and security at the individual customer level.

  • The root CA certificate has a predefined expiry time of 5 years, providing long-term validity and stability for SSL connections.

CA Certificate Generation for DB Services

  • For each managed database service provisioned through our control plane, we generate a unique CA certificate signed by the corresponding tenant's rootCA certificate.

  • These CA certificates serve as intermediaries, allowing for the issuance of SSL certificates specific to each DB service.

  • By generating individual CA certificates for each DB service, we ensure granularity and security, enabling precise control over SSL connectivity.

Implementation and Benefits

Secure Communication: SSL certificates, issued by individual CA certificates, encrypt data transmitted between client applications and managed databases, protecting it from interception and unauthorized access.

Authentication: The use of CA certificates enables mutual authentication between client applications and database services, ensuring the integrity of the communication channel.

Isolation: Each tenant's SSL infrastructure is isolated, with unique root CA certificates generated per tenant. This ensures that certificates and private keys are not shared across tenants, enhancing security and compliance.

Long-term Validity: The root CA certificate's 5-year expiry time provides stability and continuity for SSL connections, minimizing the need for frequent certificate renewal and maintenance.

Customization: Our SSL certificate management process is flexible, allowing for customization based on tenant requirements and security policies.

Conclusion

By offering SSL connectivity options with individualized CA certificate management, we uphold the highest standards of security and privacy for our customers' data. Our robust SSL infrastructure, including self-signed root CA certificates and individually generated CA certificates for DB services, ensures encrypted communication and trustworthiness, reinforcing our commitment to delivering a secure and reliable DBaaS solution.

Did this answer your question?