1 Answer
- Newest
- Most votes
- Most comments
1
According to the AWS GovCloud (US) User's Guide or the RDS service:
Since the AWS GovCloud (US) Regions use a unique certificate authority (CA), update your DB instances for the AWS GovCloud (US) Regions to use the Region-specific certificate identified by rds-ca-rsa4096-g1 in DescribeCertificates calls as soon as possible. The remaining instructions described in the Rotating your SSL/TLS certificate topic are the same, except for the certificate identifier.
Running the following command:
aws rds describe-certificates --region us-gov-east-1
Produces:
{
"Certificates": [
{
"CertificateIdentifier": "rds-ca-2017",
"CertificateType": "CA",
"Thumbprint": "12fef37925cf5758c3c2d32b4dfca31e74a5dde4",
"ValidFrom": "2018-07-28T00:52:33+00:00",
"ValidTill": "2022-06-01T12:00:00+00:00",
"CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-2017",
"CustomerOverride": false
},
{
"CertificateIdentifier": "rds-ca-rsa2048-g1",
"CertificateType": "CA",
"Thumbprint": "f8fdfb895f10acb081e6003666c9ec20771f589f",
"ValidFrom": "2022-04-20T19:21:26+00:00",
"ValidTill": "2027-04-20T20:21:26+00:00",
"CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-rsa2048-g1",
"CustomerOverride": false
},
{
"CertificateIdentifier": "rds-ca-rsa4096-g1",
"CertificateType": "CA",
"Thumbprint": "beb497e3471c0f7b230cba284179c54bdc6add97",
"ValidFrom": "2022-01-03T20:42:15+00:00",
"ValidTill": "2027-01-03T21:42:15+00:00",
"CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-rsa4096-g1",
"CustomerOverride": false
}
]
}
Links for downloading the CA bundles can be found here: Using SSL/TLS to encrypt a connection to a DB instance.
Relevant content
- asked 7 months ago
- asked 2 years ago
- asked 8 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 17 days ago
- AWS OFFICIALUpdated 8 months ago