Update Your Amazon RDS SSL/TLS Certificates by October 31, 2019

3
votes

With the recent update from AWS regarding updating the SSL Certificate for RDS:

In order to update your certificates to rds-ca-2019, the database clients which use SSL will need to be updated first, to do so download the new certificate from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem

I also tried the intermediate certificates.

We use RDS PostgreSQL db. I tried to connect to PostgreSQL using pgadmin with the new certificate.

I have specified the postgresql username, password, SSH tunnel along with the new pem certificate.

I am getting error "No password or public key available!"

I am able to connect using the existing pem file. Why am I not able to connect with the new pem file to the postgresql DB?

1
postgresqlamazon-web-servicesapinginxamazon-rds
Any suggestions...Rajspeeder

1 Answers

1
votes

It may be too early to use the new certificate. I included rds-ca-2019-root.pem in my codebase and once deployed updated my database connection string to use it, but the app was unable to connect.

However, I was successful when I put rds-combined-ca-bundle.pem in my codebase that I got from here as mentioned here and referenced that in my database connection URL.

N.B. I am using mysql on a rails app from heroku, but the SSL challenges should be the same