
the certificate on our RDS pSQL sb

0

Hi, trying to understand what should be done to update our certificate. Used this blog post to look up the relevant steps. It says to update the trust store, but I could not understand where that is, or how this should be updated. We are a small startup, and therefore don't have an in-house devops. Is there any clear description of what I should do and where?

I ran the following query, and it returned empty. Does this mean I don't need to update anything?

SELECT datname, usename, ssl, client_addr 
  FROM pg_stat_ssl INNER JOIN pg_stat_activity ON pg_stat_ssl.pid = pg_stat_activity.pid
  WHERE ssl is true and usename<>'rdsadmin';
1 Answer
2

Hello.

Since the command itself only displays the results at the time it is executed, it is difficult to guarantee that the application is not using an SSL connection.
If nothing is displayed, it is likely that you are not using an SSL connection.
I think it's best to use it as a reference only.
Actually, I think it would be a good idea to check with the member who created the application to see if they are using SSL connections to connect to the database.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/ssl-certificate-rotation-postgresql.html

This query displays only the current connections at the time of the query. The absence of results doesn't indicate that no applications are using SSL connections. Other SSL connections might be established at a different time.

If you are importing to a trust store, I think the sample script described in the following document will be helpful.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-sample-script

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
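
Because the query above only sees connections open at that moment, the application's own connection settings are the more reliable place to check, as the answer suggests. The sketch below is an added example, not part of the original question or answer and not AWS code: it classifies libpq-style connection strings by whether the client validates the server certificate against a trust store (the file that would need the new RDS CA bundle). It assumes a libpq-based client on a Unix-like host; the function names, verdict strings, host name and file paths are constructed for illustration.

```python
import os
from urllib.parse import parse_qsl, urlsplit

# libpq's default trust store on Unix-like clients when sslrootcert is unset.
DEFAULT_ROOT = "~/.postgresql/root.crt"
VERIFYING_MODES = {"verify-ca", "verify-full"}


def parse_conninfo(conninfo):
    """Parse a postgresql:// URI or a simple key=value string (no quoted values)."""
    if conninfo.startswith(("postgres://", "postgresql://")):
        return dict(parse_qsl(urlsplit(conninfo).query))
    return dict(tok.split("=", 1) for tok in conninfo.split() if "=" in tok)


def rotation_impact(conninfo, env=None, root_file_exists=None):
    """Return (verdict, trust_store_path) for one client connection string."""
    env = os.environ if env is None else env
    params = parse_conninfo(conninfo)
    # Connection-string values win over the PGSSLMODE / PGSSLROOTCERT variables.
    mode = params.get("sslmode") or env.get("PGSSLMODE") or "prefer"
    root = params.get("sslrootcert") or env.get("PGSSLROOTCERT") or DEFAULT_ROOT
    if root_file_exists is None:
        root_file_exists = os.path.exists(os.path.expanduser(root))
    if mode in VERIFYING_MODES:
        return ("update-trust-store", root)
    if mode == "require" and root_file_exists:
        # With a root CA file present, libpq treats require like verify-ca.
        return ("update-trust-store", root)
    # disable/allow/prefer, or require with no CA file: libpq does not insist
    # on a validated certificate chain, so no trust store needs the new CA.
    return ("no-trust-store-in-use", None)


if __name__ == "__main__":
    # Constructed sample connection strings, not taken from any real system.
    samples = [
        "postgresql://app@db.example.internal:5432/shop"
        "?sslmode=verify-full&sslrootcert=/etc/ssl/rds/global-bundle.pem",
        "host=db.example.internal dbname=shop user=app sslmode=require",
        "host=db.example.internal dbname=shop user=app",
    ]
    for s in samples:
        print(rotation_impact(s, env={}), "<-", s)
```

A verdict of `update-trust-store` names the file into which the new CA bundle has to be placed before the database certificate is rotated; clients using JDBC or other non-libpq drivers keep their trust store elsewhere and are not covered by this sketch.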
