Certificate issue in RDS "Preview environment"

0

The old CA certificates (rds-ca-2019) have expired as of August 21st, and the instructions to update them on RDS instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) aren't working on databases in the Preview Environment.

As an example, I'm working on testing some features in MySQL 8.4 in the RDS Preview Environment, but can't connect to my instance using TLS because of the expired certs. The option to upgrade to the new certs is not available in the Modify page. Is this a bug?

asked 13 days ago53 views
2 Answers
2

Hello.

Have you tried making changes from the AWS CLI instead of from the management console?
Try the command below.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/modify-db-instance.html

aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --ca-certificate-identifier rds-ca-rsa2048-g1 
profile picture
EXPERT
answered 13 days ago
profile picture
EXPERT
reviewed 13 days ago
  • Hi, thanks for the answer! Unfortunately I get this error in response:

    An error occurred (CertificateNotFound) when calling the ModifyDBInstance operation: Certificate not found: rds-ca-rsa2048-g1

1

Hello,

To resolve the issue with expired RDS CA certificates in the Preview Environment, you can use the AWS CLI to update the certificates. Here’s the command to update your RDS instance to use the new CA certificate:

aws rds modify-db-instance \
    --db-instance-identifier your-db-instance-identifier \
    --ca-certificate-identifier rds-ca-rsa2048-g1 \
    --apply-immediately

Replace 'your-db-instance-identifier' with your actual DB instance identifier. This command should force the upgrade to the new certificates even if the option isn't available in the console.

profile picture
EXPERT
answered 13 days ago
  • Hi, thanks for the answer! Unfortunately I get this error in response:

    An error occurred (CertificateNotFound) when calling the ModifyDBInstance operation: Certificate not found: rds-ca-rsa2048-g1

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions