Snippets Groups Projects

TLS Certificates: updates AWS RDS CA bundle (#38340)

Vamsi Peri authored 1 year ago

Updated the Global Bundle with the content of  https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O rds-combined-ca-bundle.pem
This is the new URL to be used, as described on https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html



The new bundle:
- removes expired root certificates
- keeps certificates for `rds-ca-2019`
- adds certificates for all regions for
  - `rds-ca-rsa2048-g1`: certificate authority with RSA 2048 private key algorithm and SHA256 signing algorithm
  - `rds-ca-rsa4096-g1`: certificate authority with RSA 4096 private key algorithm and SHA384 signing algorithm
  - `rds-ca-ecc384-g1`: certificate authority with ECC 384 private key algorithm and SHA384 signing algorithm

It fixes #32017 and #27790

Co-authored-by: Théophile Helleboid <theophile.helleboid.ext@qonto.com>

8cda1be2

8cda1be2 1 year ago

Code owners

Assign users and groups as approvers for specific file changes. Learn more.

Name	Last commit	Last update
..
README.md
rds-combined-ca-bundle.pem

Directory Contents

`rds-combined-ca-bundle.pem`

This is simply a copy of the "combined" CA bundle from AWS.