Managing SSL/TLS certificates

This page describes how to manage your server certificates.

Using encrypted connections

Learn more about how SQLServer uses encrypted connections.

Managing server certificates

Getting information about a server certificate

You can get information about your server certificate, such as when it expires or what level of encryption it provides.

Console

  1. In the Google Cloud Console, go to the Cloud SQL Instances page.

    Go to Cloud SQL Instances

  2. Click the instance name to open its Overview page.
  3. Select Connections from the SQL navigation menu.
  4. Scroll down to the Security section.

    Below Manage server certificates, you can see the expiration date of your server certificate in the table.

    To see the certificate type, use the gcloud beta sql ssl server-ca-certs list --instance=INSTANCE_NAME command.

gcloud

gcloud beta sql ssl server-ca-certs list \
--instance=INSTANCE_NAME

REST v1beta4

You can see details about the server certificate when you describe your instance:

Before using any of the request data below, make the following replacements:

  • project-id: The project ID
  • instance-id: The instance ID

HTTP method and URL:

GET https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=serverCaCert

To send your request, expand one of these options:

You should receive a JSON response similar to the following:

Resetting the SSL/TLS configuration

You can completely reset your SSL/TLS configuration.

Console

  1. In the Google Cloud Console, go to the Cloud SQL Instances page.

    Go to Cloud SQL Instances

  2. Click the instance name to open its Overview page.
  3. Select Connections from the SQL navigation menu.
  4. Scroll down to the Reset SSL configuration section.
  5. Click Reset SSL Configuration.

gcloud

  1. Refresh the certificate:

    gcloud sql instances reset-ssl-config INSTANCE_NAME
    

REST v1beta4

  1. Refresh the certificate:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID

    HTTP method and URL:

    POST https://sqladmin.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id/resetSslConfig

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

What's next