Certificate issue in RDS "Preview environment"

Question

The old CA certificates (rds-ca-2019) have expired as of August 21st, and the instructions to update them on RDS instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) aren't working on databases in the Preview Environment.

As an example, I'm working on testing some features in MySQL 8.4 in the RDS Preview Environment, but can't connect to my instance using TLS because of the expired certs. The option to upgrade to the new certs is not available in the Modify page. Is this a bug?

Riku_Kobayashi · Answer

Hello.

Have you tried making changes from the AWS CLI instead of from the management console?  
Try the command below.  
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/modify-db-instance.html  
```
aws rds modify-db-instance \
    --db-instance-identifier mydbinstance \
    --ca-certificate-identifier rds-ca-rsa2048-g1 
```

kranthi putti · Answer

Hello,

To resolve the issue with expired RDS CA certificates in the Preview Environment, you can use the AWS CLI to update the certificates. Here’s the command to update your RDS instance to use the new CA certificate:

```
aws rds modify-db-instance \
    --db-instance-identifier your-db-instance-identifier \
    --ca-certificate-identifier rds-ca-rsa2048-g1 \
    --apply-immediately

```
Replace *'your-db-instance-identifier'* with your actual DB instance identifier. This command should force the upgrade to the new certificates even if the option isn't available in the console.

Certificate issue in RDS "Preview environment"

Add your answer

Relevant content