1 Answer
- Newest
- Most votes
- Most comments
1
Hello,
Yes, Before applying the new certificate to your DB instances, update the trust store of any clients and applications that use SSL/TLS and the server certificate for connections.
To check if the application using SSL connection, please check this documentation https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/ssl-certificate-rotation-postgresql.html#ssl-certificate-rotation-postgresql.determining-server
You can download the TLS/SSL certificates from the following link: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions
Reference:
Relevant content
- asked 5 months ago
- asked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago
Hi Sivaraman, thank you for your quick reply and help. Regarding, "update the trust store of any clients and applications that use SSL/TLS and the server certificate for connections." beside the RDS instances, we have our application running on hundreds of apple I-phones. How would we get the downloaded "global-bundle.pem" to those devices? Thank you for your time and help! Best Regards, Donald
Are you sure your iPhones have DIRECT access to the database? That would be very unsual for an application. Plus rds-ca-2019 is unlikely to be on your iphones anyway..
Right, of course Gary. Yeah the iPhones would not direct access to the dbs. I'm new to the dev shop in my company and glad I asked here vs in a meeting! Thanks! Donald