This page describes how to manage your server certificates.
Using encrypted connections
Learn more about how SQLServer uses encrypted connections .
Managing server certificates
Getting information about a server certificate
You can get information about your server certificate, such as when it expires
or what level of encryption it provides.
Console
Go to the Cloud SQL Instances page in the Google Cloud Console.
Go to the Cloud SQL Instances page
Click the instance name to open its Instance details page.
Click the Connections link in the left navigation pane.
Scroll down to the Configure SSL server certificates section.
You can see the expiration date of your server certificate in the
table.
To see the certificate type, use the
gcloud beta sql ssl server-ca-certs list --instance=[INSTANCE_NAME] command.
gcloud
gcloud beta sql ssl server-ca-certs list --instance=[INSTANCE_NAME]
REST
You can see details about the server certificate when you describe your
instance:
Before using any of the request data below,
make the following replacements:
project-id : The project IDinstance-id : The instance ID
HTTP method and URL:
GET https://www.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ?fields=serverCaCert
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell)
Execute the following command:
curl -X GET \project-id /instances/instance-id ?fields=serverCaCert
PowerShell (Windows)
Execute the following command:
$cred = gcloud auth print-access-tokenproject-id /instances/instance-id ?fields=serverCaCert" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
Response
{
"serverCaCert":
{
"kind": "sql#sslCert",
"certSerialNumber": "cert-serial-number ",
"cert": "cert-value -",
"commonName": "ca-server-name ",
"sha1Fingerprint": "sha1Fingerprint ",
"instance": "instance-id ",
"createTime": "2020-02-10T17:18:54.935Z",
"expirationTime": "2030-02-07T17:19:54.935Z"
}
}
Resetting the SSL/TLS configuration
You can completely reset your SSL/TLS configuration.
Caution: Performing this action removes the ability to connect to your instance
using SSL/TLS until you create new client certificates to replace any
that were previously in use.
gcloud
Refresh the certificate:
gcloud sql instances reset-ssl-config [INSTANCE_NAME]
REST
Refresh the certificate:
Before using any of the request data below,
make the following replacements:
project-id : The project IDinstance-id : The instance ID
HTTP method and URL:
POST https://www.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id /resetSslConfig
To send your request, expand one of these options:
curl (Linux, macOS, or Cloud Shell)
Execute the following command:
curl -X POST \project-id /instances/instance-id /resetSslConfig
PowerShell (Windows)
Execute the following command:
$cred = gcloud auth print-access-tokenproject-id /instances/instance-id /resetSslConfig" | Select-Object -Expand Content
You should receive a JSON response similar to the following:
Response
{
"kind": "sql#operation",
"targetLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id /instances/instance-id ",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-20T21:30:35.667Z",
"operationType": "UPDATE",
"name": "operation-id ",
"targetId": "instance-id ",
"selfLink": "https://www.googleapis.com/sql/v1beta4/projects/project-id /operations/operation-id ",
"targetProject": "project-id "
}
What's next
