Need time estimate to update SQL Server RDS certificate

0

Our production database is residing on a SQL Server Standard Edition RDS which is going to expire soon. The production database size is more than 1 TB, we cannot have long down time because the users are working on website 24x7.

How much time can we tell our customers as down time to finish certificate update successfully? It is mentioned at many places that RDS DB instances having large databases require more time for the certificate update. A time estimation for updating RDS certificate will help us plan better and inform our customers upfront about the downtime.

Please suggest.

已提問 2 個月前檢視次數 226 次
2 個答案
0

Hello.

The following document describes how to check if a restart occurs.
Run the AWS CLI and check if a reboot occurs.
If the value of "SupportsCertificateRotationWithoutRestart" is false, a restart will occur, so I think there will be downtime.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-considerations

Modify the DB instance or Multi-AZ DB cluster to change the CA from rds-ca-2019 to rds-ca-rsa2048-g1. To check if your database requires a restart to update the CA certificates, use the describe-db-engine-versions command and check the SupportsCertificateRotationWithoutRestart flag.

Although it is not SQLserver, when I updated the RDS MySQL certificate in the past, it was completed in about 30 seconds.(Changing the certificate took 30 seconds and the downtime was about 10 seconds.)
Maybe it was because we were using a multi-AZ configuration, but the downtime wasn't that long.
However, in the case of SQLserver, the situation may be different, so I recommend that you create a test environment and check it before executing it in the production environment.

profile picture
專家
已回答 2 個月前
0

I have done this 15 times recently for a client and MS SQL Server took about 5 - 10 mintues to complete but was Single AZ as we were upgrading from 2016 to 2022 before going back to Multi Az

profile picture
專家
已回答 2 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南