By using AWS re:Post, you agree to the Terms of Use

RDS - rds-ap-east-1 ssl bundle certificate expired

1

I'm using rds-combined-ca-bundle.pem to connect to a PostgreSQL instance on ap-east-1, I originally downloaded the file from https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem.

The CA level cert expired on Jun 1 12:00:00 2022 GMT, and the certificates in other links for the global bundles / ap-east-1 on https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html also have the same expiry date, where can I find a newer one?

1 Answers
1

Hi,

If you open the AWS console and navigate to RDS you will see Certificate Update as the last entry in the menu on the left side. This will open a list of all RDS instances still running with a certificate signed by the expired CA.

There you will also find a link to the documentation of RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) and Aurora (http://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) regarding the CA rotation.
This pages also contain sample scripts for adding the new CA bundles to the trust store of Linux or macOS.

The URL for the new CA certificate bundle is: https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem

EXPERT
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions