1 Answer
0
- Is it possible to import a custom certificate for SSL encryption?
No; however, RDS and Aurora now have new certificate authorities with 40-year and 100-year validity.
- Does certificate rotation in the RDS cluster happen automatically without impacting incoming traffic?
The certificate bundle contains certificates for both the old and new CA, so you can upgrade your application safely and maintain connectivity during the transition period. Details here.
- How to programmatically manage certificate rotation on the client side without impacting traffic, such as getting a new AWS CA certificate and updating the client's trust store with the new CA?
Refer to this for details.
answered 10 months ago
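
An added example (not part of the original answer, and not AWS code): one way a client could fold a newly downloaded CA bundle into its PEM trust store while keeping the old CA, so connections keep verifying during the transition period. The function names, the `rds-trust.pem` file name and the PEM blocks are constructed placeholders, and fetching the bundle is left out.

```python
import base64, hashlib, os, re, ssl, tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def split_bundle(pem_text):
    """Return {SHA-256 fingerprint of DER: PEM block} for each certificate in a bundle."""
    certs = {}
    for block in PEM_RE.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)
        certs[hashlib.sha256(der).hexdigest()] = block
    return certs

def merge_trust_store(store_path, new_bundle_text):
    """Add the CAs in new_bundle_text to the PEM trust store at store_path.
    Existing CAs are kept, so servers still presenting the old CA's certificate
    keep verifying during rotation. Returns the fingerprints that were added."""
    try:
        with open(store_path) as f:
            current = split_bundle(f.read())
    except FileNotFoundError:
        current = {}
    incoming = split_bundle(new_bundle_text)
    if not incoming:
        raise ValueError("new bundle has no certificates; trust store left unchanged")
    added = [fp for fp in incoming if fp not in current]
    if added:
        merged = {**current, **incoming}
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(store_path)))
        with os.fdopen(fd, "w") as f:
            f.write("\n".join(merged.values()) + "\n")
        os.replace(tmp, store_path)  # atomic swap: readers never see a partial file
    return added

def _fake_pem(label):
    # Constructed placeholder: PEM-shaped bytes, not a real certificate.
    body = base64.encodebytes(label.encode() * 8).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----"

def demo():
    old_ca, new_ca = _fake_pem("constructed-old-ca"), _fake_pem("constructed-new-ca")
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "rds-trust.pem")
        with open(store, "w") as f:
            f.write(old_ca + "\n")
        first = merge_trust_store(store, old_ca + "\n" + new_ca + "\n")
        second = merge_trust_store(store, old_ca + "\n" + new_ca + "\n")
        with open(store) as f:
            final = split_bundle(f.read())
    return len(first), len(second), len(final)
```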
As per the AWS doc, rds-ca-2019 will expire in 2024, so it's not 40 years or 100 years. Please refer to the doc: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html
It seems that for Aurora serverless PG, certificate rotation happens automatically and doesn't require a restart of the cluster.
In the given link, it is nowhere mentioned how the client application is notified about the new certificate or how the client application downloads the new certificate programmatically.
Please answer them precisely.