RDS Security Certificates


I recently started replacing MySQL instances that I manage myself on virtual machines with RDS databases, on the perceived promise that they would be easier to manage and maintain.

This month I got an urgent, lengthy message from Amazon about replacing security certificates. I was surprised by this. I thought RDS was a service that Amazon maintains for me, rather than something where I need to manage details at this level.

In any case, I figured out how to update the security certificate but now it says my database's certificate expires in 2025. Do I have to do this every year? I never had to do such a thing with my own MySQL instances.

Another point of confusion for me is that Amazon constantly refers to "client certificates" and certificate authorities. I have never installed a client certificate or altered any root certificates on any of my clients. My clients are all Java applications running on Amazon EC2 instances, which I keep up to date, and so far they still work. Are client certificates something I need to worry about?

Excuse my ignorance; security was never one of my areas of expertise, but in today's economic environment my company cannot afford a dedicated security expert.

Thanks, Frank

Frank
asked 3 months ago · 101 views
1 Answer

Hello.

The problem can be resolved by changing RDS to a CA certificate with a longer validity period, as described in the documents below.
https://aws.amazon.com/jp/blogs/aws/rotate-your-ssl-tls-certificates-now-amazon-rds-and-amazon-aurora-expire-in-2024/
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

The client certificate to be introduced into the application is described in the following document.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Also, if you are not using SSL communication between RDS and the application, I don't think you need to worry too much.

Expert
answered 3 months ago
Expert
reviewed 3 months ago
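
To check which instances still need a CA change and when each server certificate expires, here is an added example (not part of the original question or answer) that reads JSON shaped like the output of `aws rds describe-db-instances` and reports each instance's CA identifier and days until expiry. The sample data, the instance names and the `audit_certificates` helper are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `aws rds describe-db-instances` output,
# trimmed to the fields used here. Instance names and dates are made up.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "billing-db",
   "CACertificateIdentifier": "rds-ca-rsa2048-g1",
   "CertificateDetails": {"CAIdentifier": "rds-ca-rsa2048-g1",
                          "ValidTill": "2025-06-30T09:12:00+00:00"}},
  {"DBInstanceIdentifier": "orders-db",
   "CACertificateIdentifier": "rds-ca-2019",
   "CertificateDetails": {"CAIdentifier": "rds-ca-2019",
                          "ValidTill": "2024-08-22T17:08:50+00:00"}},
  {"DBInstanceIdentifier": "legacy-db",
   "CACertificateIdentifier": "rds-ca-2019"}
]}
""")

def audit_certificates(describe_output, now, warn_days=90):
    """Return (instance, ca, status, days_left) tuples, soonest expiry first."""
    rows = []
    for db in describe_output.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        ca = db.get("CACertificateIdentifier", "unknown")
        valid_till = db.get("CertificateDetails", {}).get("ValidTill")
        if valid_till is None:
            # Expiry not reported: flag it rather than assume it is fine.
            rows.append((name, ca, "UNKNOWN", None))
            continue
        expiry = datetime.fromisoformat(valid_till)
        if expiry.tzinfo is None:          # treat naive timestamps as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        days_left = (expiry - now).days    # negative once the cert has expired
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "ROTATE_SOON"
        else:
            status = "OK"
        rows.append((name, ca, status, days_left))
    # Known expiries first (ascending), instances with no expiry data last.
    return sorted(rows, key=lambda r: (r[3] is None, r[3] or 0))

if __name__ == "__main__":
    for row in audit_certificates(SAMPLE, datetime(2024, 7, 1, tzinfo=timezone.utc)):
        print(row)
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-instances --output json` and pass `datetime.now(timezone.utc)` as `now`.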
