AWS Relational Database Service (RDS) Certificates
AWS RDS Certificates
Note: MySQL, PostgreSQL, and Redshift in AWS currently utilize a TLS certificate issued from an AWS root certificate authority that is not publicly trusted. The steps described below are required when attempting to connect to MySQL, PostgreSQL, and Redshift in AWS.
To install all of the possible CA Certificates for AWS RDS databases, follow the instructions and use the commands described below.
- Transition to a root session so you have root access.
sudo su
- Run the following commands to download the CA certificate bundle from AWS, split it into a set of .crt files, and then update the local trust store with all of these files.
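apt update && apt install -y ca-certificates curl
rm -f /tmp/global-bundle.pem
curl -f https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -o /tmp/global-bundle.pem  # -f: fail on an HTTP error instead of saving the error page
rm -f /usr/local/share/ca-certificates/aws-rds*  # clear files from an earlier run so a rerun does not create .crt.crt copies
csplit -s -z -f /usr/local/share/ca-certificates/aws-rds /tmp/global-bundle.pem '/-----BEGIN CERTIFICATE-----/' '{*}'
for file in /usr/local/share/ca-certificates/aws-rds*; do mv -- "$file" "$file.crt"; done  # update-ca-certificates only picks up files ending in .crt
update-ca-certificates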
- After running these commands, you should see the following output:
Updating certificates in /etc/ssl/certs...
118 added, 0 removed; done.
- Ensure you exit your root session.
exit
Note: Make sure to follow the above instructions for each virtual machine running Client Workloads that needs access to AWS MySQL, PostgreSQL, or Redshift.
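
A pre-install check for the download-and-split step above, added here as an example and not part of the original instructions: it rejects an empty, truncated, or non-PEM download before anything reaches the trust store, and splits the bundle so that reruns stay clean. The function name `stage_rds_bundle` and its two arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example: validate a downloaded PEM bundle, then write one .crt file
# per certificate using the page's aws-rds prefix.
# Usage: stage_rds_bundle BUNDLE DESTDIR
# Prints the number of certificates written; returns non-zero on a bad bundle.
stage_rds_bundle() {
    bundle=$1
    dest=$2

    [ -s "$bundle" ] || { echo "bundle missing or empty: $bundle" >&2; return 1; }

    # A complete bundle has at least one certificate and as many END markers
    # as BEGIN markers. An HTML error page or a cut-off download fails here.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "not a complete PEM bundle (BEGIN=$begins END=$ends)" >&2
        return 1
    fi

    mkdir -p "$dest"
    # Remove files from an earlier run so no stale CA stays trusted and no
    # aws-rdsNN.crt.crt duplicates appear.
    rm -f "$dest"/aws-rds*

    # Copy each BEGIN..END block to its own file; text outside blocks is dropped.
    awk -v dir="$dest" '
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/aws-rds%02d.crt", dir, n++) }
        out != ""                      { print > out }
        /^-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    # Confirm that every certificate in the bundle produced a file.
    written=$(ls "$dest"/aws-rds*.crt 2>/dev/null | wc -l | tr -d ' ')
    [ "$written" -eq "$begins" ] || { echo "wrote $written of $begins" >&2; return 1; }
    echo "$written"
}
```

Called with `/tmp/global-bundle.pem` and `/usr/local/share/ca-certificates`, it takes the place of the `csplit` and `mv` lines; `update-ca-certificates` is then run as before.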