What do I need to do to update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

I received an email that says the SSL/TLS certificate that is used by my Amazon RDS DB instance or Amazon Aurora DB cluster expires on March 5, 2020.

Short Description

Amazon Relational Database Service (Amazon RDS) and Aurora SSL/TLS certificates that were created before January 14, 2020 expire on March 5, 2020. If your certificate expires, then you can lose connectivity to your RDS DB instance or Aurora DB cluster.

Resolution

You must find out if your applications use SSL/TLS to connect to Amazon RDS databases. For troubleshooting steps and more information, see Amazon RDS customers: Update your SSL/TLS certificates by March 5, 2020.

To rotate your SSL/TLS certificate, update your client application or service to include the new CA certificates in its trust store. Use the combined bundle that contains both the new and the old CA certificates. Then, update your RDS DB instances to use the new CA certificates. Before you deploy the new SSL/TLS certificate to your production environment, it's important to test the client and server. For complete instructions for updating your SSL/TLS certificates, see the following for more information:
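The ordering in the paragraph above (client trust stores first, DB instances second) can be enforced when planning the rotation. The following is an added example, not AWS code. The CA identifiers `rds-ca-2015` and `rds-ca-2019`, the instance names, and the `clients_trust_bundle` input are assumptions that do not appear on this page.

```python
import json
import shlex

# Constructed sample in the shape returned by `aws rds describe-db-instances`.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres", "CACertificateIdentifier": "rds-ca-2015"},
  {"DBInstanceIdentifier": "orders-test", "Engine": "postgres", "CACertificateIdentifier": "rds-ca-2015"},
  {"DBInstanceIdentifier": "reports", "Engine": "mysql", "CACertificateIdentifier": "rds-ca-2019"}
]}
""")

# Assumption: identifier of the new CA; this page does not state it.
NEW_CA = "rds-ca-2019"


def plan_rotation(describe_output, clients_trust_bundle, new_ca=NEW_CA):
    """Split instances into done / ready / blocked.

    clients_trust_bundle: set of instance identifiers whose client
    applications already load the combined CA bundle (hypothetical input
    that you maintain yourself, for example from deployment records).
    """
    plan = {"done": [], "ready": [], "blocked": []}
    for inst in describe_output.get("DBInstances", []):
        name = inst["DBInstanceIdentifier"]
        if inst.get("CACertificateIdentifier") == new_ca:
            plan["done"].append(name)
        elif name in clients_trust_bundle:
            plan["ready"].append(name)
        else:
            # Rotating now would present a CA the clients do not trust yet.
            plan["blocked"].append(name)
    return plan


def rotation_commands(plan, new_ca=NEW_CA):
    """Render one AWS CLI call per instance that is safe to rotate.

    --no-apply-immediately defers the change to the maintenance window.
    """
    return [
        "aws rds modify-db-instance --db-instance-identifier {} "
        "--ca-certificate-identifier {} --no-apply-immediately".format(
            shlex.quote(name), shlex.quote(new_ca))
        for name in sorted(plan["ready"])
    ]


if __name__ == "__main__":
    plan = plan_rotation(SAMPLE, clients_trust_bundle={"orders-test"})
    print(json.dumps(plan, indent=2))
    print("\n".join(rotation_commands(plan)))
```

Instances listed under `blocked` stay on the old CA until their clients are confirmed to trust the combined bundle.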

Related Information

Using SSL/TLS to encrypt a connection to a DB instance

AWS OFFICIAL
Updated 10 months ago
4 Comments

What is the standard approach for:

  1. downloading a new certificate when there is any update in RDS certificates?
  2. how does the application know about a server certificate change?

This should all be done programmatically without affecting incoming traffic.

Vaibhav
replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 10 months ago

I've never used SSL for my RDS though. If I need to use SSL, how do I do this?

srakl
replied 8 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 8 months ago