SSL/TLS CA certification expiration


Hello everyone, I am getting a notification for my RDS instance:

This is a follow-up notification for SSL/TLS CA certification expiration. If you believe you have already finished this work and still received this email it is likely because you created new instances using the 2019 CA. All newly created instances that don’t explicitly specify a different CA will use the 2019 CA until January 25, 2024 when the default will be switched to rds-ca-rsa2048-g1. For information on setting an account level CA override see the modify-certificates API documentation. If your applications connect to these instances using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, you will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances. Even if you do not currently use SSL for your connections, you could still be affected if your database's server certificate expires, so we still recommend updating your CA.

Actually I updated the certificate and I am getting the expiration date 5th Feb 2027 for the same. I am adding a snap for reference.

I don't know why I am getting this notification on my console even after updating the certificate. Do I need to take care of something else too? Please provide assistance with this.


2 Answers


If the target RDS is not listed in "Certificate update" at the bottom left of the RDS console, I think there is no need to take any action.

If the certificate is still displayed under "Certificate update" even though it has already been updated, I recommend that you open a case with AWS Support under "Account and billing".
Inquiries under "Account and billing" can be made free of charge.

answered 22 days ago
reviewed 22 days ago

You can find more information about this issue and other related issues regarding certificates in Amazon RDS here (even if the post is for an old certificate, the troubleshooting is similar):

How do I know which of my RDS DB instances are using the old certificate?

On the left navigation panel in the RDS console, there is now a Certificate update tab. Choose the tab to show a temporary page with your affected DB instances. This page will only show your affected DB instances when you select the appropriate AWS Region (if you switch to an AWS Region without affected DB instances, your table will be empty).

answered 22 days ago
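The same per-Region check the answers describe can be done from `aws rds describe-db-instances --output json`. The script below is an added example, not part of the original answers or AWS tooling: it reads the current CA, the server certificate's `ValidTill`, and any queued CA change for each instance. The instance names, timestamps and status labels are constructed for illustration.

```python
import json
from datetime import date, datetime

OLD_CA = "rds-ca-2019"        # the "2019 CA" named in the notification
DEADLINE = date(2024, 8, 22)  # action date quoted in the notification

# Constructed sample shaped like `aws rds describe-db-instances --output json`;
# instance names and timestamps are invented for illustration.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db",
   "CACertificateIdentifier": "rds-ca-2019",
   "CertificateDetails": {"ValidTill": "2024-08-22T17:08:50+00:00"}},
  {"DBInstanceIdentifier": "reports-db",
   "CACertificateIdentifier": "rds-ca-rsa2048-g1",
   "CertificateDetails": {"ValidTill": "2027-02-05T09:30:00+00:00"}},
  {"DBInstanceIdentifier": "staging-db",
   "CACertificateIdentifier": "rds-ca-2019",
   "CertificateDetails": {"ValidTill": "2024-08-22T17:08:50+00:00"},
   "PendingModifiedValues": {"CACertificateIdentifier": "rds-ca-rsa2048-g1"}}
]}
""")

def expires_by_deadline(db):
    """True if the server certificate's ValidTill falls on or before DEADLINE."""
    till = (db.get("CertificateDetails") or {}).get("ValidTill")
    if not till:
        return False
    return datetime.fromisoformat(till.replace("Z", "+00:00")).date() <= DEADLINE

def audit(describe_output):
    """Return (instance, current CA, status) for every instance in one Region."""
    rows = []
    for db in describe_output.get("DBInstances", []):
        ca = db.get("CACertificateIdentifier", "unknown")
        pending = (db.get("PendingModifiedValues") or {}).get("CACertificateIdentifier")
        if ca != OLD_CA and not expires_by_deadline(db):
            status = "ok"
        elif pending and pending != OLD_CA:
            status = "pending"        # CA change queued but not yet applied
        else:
            status = "action-needed"
        rows.append((db["DBInstanceIdentifier"], ca, status))
    return rows

if __name__ == "__main__":
    for name, ca, status in audit(SAMPLE):
        print(f"{name:12} {ca:20} {status}")
```

Run it once per Region, since `describe-db-instances` only returns instances in the Region the CLI is pointed at.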
