What do I need to do to update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

Last updated: 2020-03-02

I received an email that says the SSL/TLS certificate that is used by my Amazon Relational Database Service (Amazon RDS) DB instance or Amazon Aurora DB cluster is expiring on March 5, 2020. What do I need to do?

Short Description

Amazon RDS and Aurora SSL/TLS certificates that were created before January 14, 2020 are expiring on March 5, 2020. If your certificate expires, you can lose connectivity to your RDS DB instance or Aurora DB cluster.

Resolution

To find out whether your applications connect to Amazon RDS databases using SSL/TLS and for other troubleshooting steps, see the following AWS Database Blog post: Update your SSL/TLS certificates by March 5, 2020.

To rotate your SSL/TLS certificate, first update your client application or service to include the new CA certificates in its trust store using the combined bundle that contains both the new and the old CA certificates. Then, update your RDS DB instances to use the new CA certificates. It's important to test the client and server before deploying the new SSL/TLS certificate to your production environment. For complete instructions for updating your SSL/TLS certificates, see the following:
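Apart from the linked instructions, here is an added example (not AWS's code and not part of the original article) for tracking the server-side step: it reads `aws rds describe-db-instances` JSON and sorts instances into those already on the new CA, those with the change pending, and those still to rotate. The CA identifier `rds-ca-2019` is an assumption taken from AWS's RDS documentation for this rotation and is not named on this page; the instance names and sample JSON are constructed.

```python
import json
import shlex

# Assumption: identifier of the new CA for this rotation (not named on this page).
NEW_CA = "rds-ca-2019"

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "orders-prod", "CACertificateIdentifier": "rds-ca-2015",
     "PendingModifiedValues": {}},
    {"DBInstanceIdentifier": "billing-prod", "CACertificateIdentifier": "rds-ca-2015",
     "PendingModifiedValues": {"CACertificateIdentifier": "rds-ca-2019"}},
    {"DBInstanceIdentifier": "reports-dev", "CACertificateIdentifier": "rds-ca-2019",
     "PendingModifiedValues": {}},
    {"DBInstanceIdentifier": "legacy-etl", "PendingModifiedValues": {}},
]})


def classify(instance, new_ca=NEW_CA):
    """Return 'rotated', 'pending' or 'needs-rotation' for one DB instance."""
    if instance.get("CACertificateIdentifier") == new_ca:
        return "rotated"
    pending = instance.get("PendingModifiedValues") or {}
    if pending.get("CACertificateIdentifier") == new_ca:
        return "pending"  # change requested but not yet applied
    # A missing or unrecognised identifier counts as not rotated (fail closed).
    return "needs-rotation"


def audit(describe_json, new_ca=NEW_CA):
    """Group instance identifiers by rotation state."""
    report = {"rotated": [], "pending": [], "needs-rotation": []}
    for inst in json.loads(describe_json).get("DBInstances", []):
        report[classify(inst, new_ca)].append(inst["DBInstanceIdentifier"])
    return report


def rotation_commands(report, new_ca=NEW_CA):
    """Build the server-side step; run it only after clients trust the combined bundle."""
    return [
        "aws rds modify-db-instance --db-instance-identifier "
        f"{shlex.quote(name)} --ca-certificate-identifier {new_ca} --no-apply-immediately"
        for name in report["needs-rotation"]
    ]


if __name__ == "__main__":
    result = audit(SAMPLE)
    print(json.dumps(result, indent=2))
    print("\n".join(rotation_commands(result)))
```

The generated commands are printed rather than executed so they can be reviewed and run after the client trust stores have been updated and tested.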

