Use SSL with your Cloud Databases Instance

Secure Sockets Layer (SSL), a security protocol that uses encryption technology to protect sensitive information on the Internet, enables users of a website to divulge personal information, such as credit card numbers, Social Security numbers, usernames, and passwords. By making an SSL connection to your database, customers can trust that their data is encrypted when the system sends it to and from your web application.


Using SSL encryption is resource-intensive and might impact the latency of your database connection.

Download the CA certificate

Cloud Databases configures your database instance to support the use of SSL when you provision the instance. To encrypt data in transit by using SSL, your database connections need to use an SSL certificate associated with Cloud Databases.

Follow this link to download the latest SSL certificate.

Your applications should use the downloaded certificate as the Certificate Authority (CA) certificate for SSL connections to your database.

Use the certificate with a MySQL client

To make SSL connections by using the mysql command-line client, execute the following command to specify the location of the certificate when you start the client:

mysql --ssl-ca=/path/to/ca-cert.pem

You can find more information about using SSL with MySQL® in the MySQL 8.0 documentation.

Require SSL connections

You can restrict a user to require SSL when communicating with the database. MySQL supports the GRANT statement modifier REQUIRE SSL. For example, to restrict database_user to have read, write, and delete permissions for prod_database only when connected with an SSL connection, log in to MySQL as root and then issue the following command:

GRANT SELECT, INSERT, UPDATE, DELETE ON prod_database.* TO 'database_user'@'%' REQUIRE SSL;


If the user already exists, you must revoke all existing privileges for the user and then use the preceding GRANT statement to give the appropriate privileges to the user.

Remember to run a FLUSH PRIVILEGES for the database to make the privilege change take effect.

Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.