Skip to content

Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

How do I update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

1 minute read

1

I want to update the SSL/TLS certificate that my Amazon Relational Database Service (Amazon RDS) DB instance or Amazon Aurora DB cluster uses.

Resolution

If your applications use SSL/TLS to connect to Amazon RDS databases and your SSL/TLS certificate is about to expire, then rotate your SSL/TLS certificate.

To rotate your SSL/TLS certificate, update your client application or service to include the new Certificate Authority (CA) certificates in its trust store. Use the combined bundle that contains both the new and the old CA certificates. Then, update your RDS DB instances to use the new CA certificates. Before you deploy the new SSL/TLS certificate to your production environment, make sure that you test the client and server.

For more information, see the following documentation:

Rotating your SSL/TLS certificate (Amazon RDS)
Rotating your SSL/TLS certificate (Aurora)

Related information

Using SSL/TLS to encrypt a connection to a DB instance or cluster

Topics: Analytics Migration & Modernization Database
Tags: Amazon Relational Database Service
Language: English

AWS OFFICIALUpdated 5 months ago

4 Comments

What is the standard approach for,

downloading a new certificate when there is any update in RDS certificates?
how does application know about server certificate change?

This should all be done programmatically without affecting incoming traffic.

rePost-User-5412979

replied 3 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

MODERATOR

replied 3 years ago

I've never used SSL for my RDS tho. if i need to use a SSL, how do i do this?

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

EXPERT

replied 2 years ago

Relevant content

How to Update Multi-AZ DB clusters (New) CA Certificate
Sumar
asked 2 years ago
Which is better Multi-AZ DB Cluster or Multi-AZ DB Instance for Amazon RDS for PostgreSQL
Accepted Answer
rePost-User-0903583
asked 3 years ago
Application changes when DB Server certificate is automatically rotated by the RDS in Aurora Postgresql
Accepted Answer
dharsh
asked 9 months ago
How can I cause a failover on an Aurora Serverless v1 DB Cluster with no instances?
rePost-User-4348268
asked 3 years ago
How to ensure replica is in sync between AWS RDS PSQL primary DB and Aurora RDS PSQL replica cluster?
amudhanp
asked 4 years ago
Why did I get a hardware maintenance or OS update notification for my Aurora PostgreSQL-Compatible DB instance?
AWS OFFICIALUpdated 3 years ago
How do I use Amazon RDS Proxy to connect to my Amazon RDS for MySQL DB instance or Aurora MySQL-Compatible DB cluster?
AWS OFFICIALUpdated a year ago
How do I resolve an Amazon RDS instance or Aurora cluster that’s in an inaccessible encryption state?
AWS OFFICIALUpdated 3 months ago
How do I create a read replica for an Amazon Aurora MySQL DB cluster?
AWS OFFICIALUpdated 10 months ago
Identify and rotate your Amazon RDS and Amazon Aurora SSL/TLS Certificates at scale
EXPERT
Yuriy Prykhodko
published 2 years ago