- Newest
- Most votes
- Most comments
Hi,
If you open the AWS console and navigate to RDS you will see Certificate Update as the last entry in the menu on the left side. This will open a list of all RDS instances still running with a certificate signed by the expired CA.
There you will also find a link to the documentation of RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) and Aurora (http://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) regarding the CA rotation.
This pages also contain sample scripts for adding the new CA bundles to the trust store of Linux or macOS.
The URL for the new CA certificate bundle is: https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem
Relevant content
- asked 7 months ago
- asked 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 20 days ago
- AWS OFFICIALUpdated 6 months ago
There is no 'Certificate Update' on ap-east-1 RDS left side menu. To update the cert authority in ap-east-1, will need to modify the instance. which is the step 'Updating your CA certificate by modifying your DB instance' from http://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html