Version: User Guides (BYOC)

FAQ: Security

This topic covers potential issues related to data security on the Zilliz Cloud platform, including certificate authority, certificate validity period, procedures for checking certificate expiration, supported Transport Layer Security (TLS) versions, and authentication methods.

FAQs

What is the certificate authority for Zilliz Cloud cluster endpoints?

Zilliz Cloud uses Let's Encrypt to issue and sign the certificates for Zilliz Cloud clusters hosted on AWS, Google Cloud Platform (GCP), and Microsoft Azure.

Additionally, Zilliz Cloud employs AWS Certificate Manager (ACM) to issue and rotate certificates for Zilliz Cloud clusters on AWS.

What is the certificate validity period for my Zilliz Cloud cluster?

The certificate issued for any of your Zilliz Cloud clusters will be valid for 90 days from the date of issue and will be automatically rotated 30 days before the expiration date.

How can I check whether a certificate expires?

You can run the following command to check when a Zilliz Cloud cluster's certificate expires.

The following example command assumes that you have created a cluster in GCP and that its instance ID is inxx-xxxxxxxxxxxxxxxxx. Ensure that the target cluster endpoint ends with the correct port number, such as :443.

echo | openssl s_client -showcerts -connect inxx-xxxxxxxxxxxxxxxxx.gcp-us-west1.vectordb.zillizcloud.com:443 2> /dev/null | openssl x509 -noout -enddate

The command output would be similar to the following:

notAfter=Jul  7 06:58:17 2025 GMT
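
As an added example (not Zilliz Cloud's own code), the Python sketch below turns the notAfter line from the command above into a monitoring check: because certificates are rotated 30 days before expiry, a served certificate with fewer than 30 days left indicates that rotation did not happen. The function names and status labels are assumptions made for this example, and the live fetch is defined but not called, so the script runs offline against the sample line.

```python
import socket
import ssl
from datetime import datetime, timezone

# From the FAQ above: certificates are rotated 30 days before they expire.
ROTATION_WINDOW_DAYS = 30

def parse_enddate(line):
    """Parse 'notAfter=Jul  7 06:58:17 2025 GMT' (or the bare date) to a UTC datetime."""
    value = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def rotation_status(enddate_line, now=None):
    """Return (status, whole_days_left) for a notAfter line at time 'now' (UTC)."""
    now = now or datetime.now(timezone.utc)
    seconds_left = (parse_enddate(enddate_line) - now).total_seconds()
    days_left = int(seconds_left // 86400)
    if seconds_left <= 0:
        return "expired", days_left
    if days_left < ROTATION_WINDOW_DAYS:
        # The old certificate is still being served inside the rotation window.
        return "rotation-overdue", days_left
    return "ok", days_left

def fetch_enddate(host, port=443, timeout=5):
    """Live variant: read notAfter and the negotiated TLS version from an endpoint.

    Refuses anything below TLS 1.2. Needs network access, so it is not run here.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "notAfter=" + tls.getpeercert()["notAfter"], tls.version()

# Sample input: the output line shown in the FAQ above.
SAMPLE = "notAfter=Jul  7 06:58:17 2025 GMT"

if __name__ == "__main__":
    # Constructed check dates, chosen to hit each status once.
    for day in ("2025-05-01", "2025-06-20", "2025-07-08"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, rotation_status(SAMPLE, now))
```
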

Which TLS versions are supported on Zilliz Cloud?

For security reasons, Zilliz Cloud supports only TLS 1.2 and later versions. TLS 1.0 and TLS 1.1 are not supported.

Does Zilliz Cloud support mTLS?

Zilliz Cloud currently supports only one-way TLS authentication and does not support two-way TLS authentication.