1 Answer
If it's the same email that I got then the important bit is:
- Now through August 22, 2024 - you can update client trust store at any time, then you can update your instance's server certificate to one generated by one of the new CAs.
The steps to do this are here https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-updating
Note that it requires a restart of the RDS instance, which obviously implies a short outage window.
The other important bit of the email is that you have ten months to do this:
- Starting August 22, 2024 - the 2019 CA will expire. You will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances.
What is a 'client trust store' and where is it? Is it something I manage? I do not remember setting up anything like this.
What is my "instance's server certificate"? I don't know what that means or where it is. I do not remember setting up a certificate.
Your database was automatically created with the - at the time - current certificate. These aren't indefinite, and this one expires in August next year.
The purpose of the certificate is so that when your client makes a connection to the database, the database proves its identity by presenting this cert to the client. The client checks that the Certificate Authority (CA) which signed the cert is in its trusted CA bundle.
Yes, that will keep the bundle updated with the latest trusted CAs.
It's worth mentioning that if you are not using a secure connection (only you will know if this applies to your use case) then a certificate is never presented in the first place, so strictly speaking you wouldn't need to do anything. Although the email from AWS does caution against this:
The process for doing this is in the link in the answer above.
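The trust check described in the comments above, and the reason the email says to update the client trust store before the server certificate, shown as an added example that is not part of the original thread or of AWS's tooling. The two throwaway CAs (`old-ca`, `new-ca`), the host name `db.example.internal` and the bundle file names are constructed stand-ins for the expiring and new RDS CAs, and `openssl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CAs stand in for the expiring and the new RDS CA.
set -eu
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_ca() {  # make_ca <name>: self-signed CA key and certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

issue_server_cert() {  # issue_server_cert <ca-name> <out-name>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=db.example.internal" \
    -keyout "$demo_dir/$2.key" -out "$demo_dir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/$2.csr" -CA "$demo_dir/$1.pem" \
    -CAkey "$demo_dir/$1.key" -CAcreateserial -days 1 \
    -out "$demo_dir/$2.pem" 2>/dev/null
}

# trusted <bundle> <server-cert>: succeeds only if the certificate was signed
# by a CA present in the bundle, which is the check a TLS client performs.
trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca old-ca
make_ca new-ca
issue_server_cert old-ca current   # certificate the instance presents today
issue_server_cert new-ca rotated   # certificate it presents after rotation

# Client trust store before and after the update.
cp "$demo_dir/old-ca.pem" "$demo_dir/stale-bundle.pem"
cat "$demo_dir/old-ca.pem" "$demo_dir/new-ca.pem" > "$demo_dir/updated-bundle.pem"

for bundle in stale-bundle updated-bundle; do
  for cert in current rotated; do
    if trusted "$demo_dir/$bundle.pem" "$demo_dir/$cert.pem"; then
      echo "$bundle + $cert server cert: verified"
    else
      echo "$bundle + $cert server cert: rejected, TLS connection would fail"
    fi
  done
done
```

The updated bundle accepts both certificates, so clients keep connecting on either side of the rotation; the stale bundle rejects the rotated certificate.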