What do I need to do to update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

Short Description

Amazon RDS and Aurora SSL/TLS certificates that were created before January 14, 2020 are expiring on March 5, 2020. If your certificate expires, you can lose connectivity to your RDS DB instance or Aurora DB cluster.

Resolution

To find out whether your applications connect to Amazon RDS databases using SSL/TLS and for other troubleshooting steps, see the following AWS Database Blog post: Update your SSL/TLS certificates by March 5, 2020.

To rotate your SSL/TLS certificate, first update your client application or service to include the new CA certificates in its trust store using the combined bundle that contains both the new and the old CA certificates. Then, update your RDS DB instances to use the new CA certificates. It's important to test the client and server before deploying the new SSL/TLS certificate to your production environment. For complete instructions for updating your SSL/TLS certificates, see the following:

• Rotating Your SSL/TLS Certificate for Amazon RDS
• Rotating Your SSL/TLS Certificate for Amazon Aurora

Related Information

Using SSL/TLS to Encrypt a Connection to a DB Instance