Short Description
-----------------

Amazon Relational Database Service (Amazon RDS) and Aurora SSL/TLS certificates that were created before January 14, 2020 expire on March 5, 2020. If your certificate expires, then you can lose connectivity to your RDS DB instance or Aurora DB cluster.

Resolution
----------

You must find out if your applications use SSL/TLS to connect to Amazon RDS databases. For troubleshooting steps and more information, see [Amazon RDS customers: Update your SSL/TLS certificates by March 5, 2020](https://aws.amazon.com/blogs/database/amazon-rds-customers-update-your-ssl-tls-certificates-by-february-5-2020/).

To rotate your SSL/TLS certificate, update your client application or service to include the new CA certificates in its trust store. Use the combined bundle that contains both the new and the old CA certificates. Then, update your RDS DB instances to use the new CA certificates. Before you deploy the new SSL/TLS certificate to your production environment, it's important to test the client and server. For complete instructions for updating your SSL/TLS certificates, see the following for more information:

*   [Rotating your SSL/TLS certificate](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) (Amazon RDS)
*   [Rotating your SSL/TLS certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) (Amazon Aurora)

Related Information
-------------------

[Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)

What is the standard approach for,
1. downloading a new certificate when there is any update in RDS certificates?
2. how does application know about server certificate change? 

This should all be done programmatically without affecting incoming traffic.

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

I've never used SSL for my RDS tho. 
if i need to use a SSL, how do i do this?

I received an email that says the SSL/TLS certificate that is used by my Amazon RDS DB instance or Amazon Aurora DB cluster expires on March 5, 2020. 

Update SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster

What do I need to do to update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

What do I need to do to update my SSL/TLS certificate for an Amazon RDS DB instance or Aurora DB cluster?

Short Description

Resolution

Related Information

Relevant content