kandi X-RAY | certificate-rotation Summary
certificate-rotation
Top functions reviewed by kandi - BETA
- The main loop
- generateNewCert generates a new certificate and private key
- setConfig is used to update the wrapped config.
Community Discussions
Trending Discussions on certificate-rotation
QUESTION
AWS recently announced the need to:
Update Your Amazon RDS SSL/TLS Certificates by October 31, 2019
I have a Rails application hosted with a classic Elastic Beanstalk load balancer, which connects to a Postgres DB using RDS.
The required steps according to Amazon are:
- Download the new SSL/TLS certificate from Using SSL/TLS to Encrypt a Connection to a DB Instance.
- Update your database applications to use the new SSL/TLS certificate.
- Modify the DB instance to change the CA from rds-ca-2015 to rds-ca-2019.
(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html)
Since I have my load balancers set up like this (connecting to my EC2 instances via HTTP port 80, not SSL), does this mean I don't need to follow steps 1 and 2, and only follow step 3?
Or do I have to download the updated certificates and install/add them to my load balancer or EC2 instances manually? Not sure how to do that.
...ANSWER
Answered 2019-Oct-18 at 07:27
Steps 1 & 2 are only required if your application's connection with MySQL is TLS encrypted.
Do not change the LB TLS setting; it can break your application. LB TLS is one thing, RDS TLS is something else.
If your application just creates a plain connection, you are safe to perform step 3 directly:
Modify the DB instance to change the CA from rds-ca-2015 to rds-ca-2019.
As normal practice, the DB should be in a private subnet and should not be accessible from the public. TLS is helpful when your database and backend connection is over the internet, not within a VPC.
With an unencrypted connection between the MySQL client and the server, someone with access to the network could watch all your traffic and inspect the data being sent or received between client and server.
QUESTION
I got a notification from AWS that I need to update my SSL/TLS cert for my RDS instances by 2/5/2020 (As seen here). I don't use SSL/TLS and I understand that I still have to do this, but I can do it without having to restart with the following command:
...ANSWER
Answered 2020-Jan-13 at 01:12
You can find out what SSL/TLS certificate is in use using the RDS console > Databases > Connectivity & security.
It will include something like:
Certificate authority
rds-ca-2019
Certificate authority date
Aug 22nd, 2024
QUESTION
As part of AWS's standard maintenance, everyone using RDS should update their SSL/TLS by 2/5/2020. I don't use SSL/TLS keys for my personal project, and I understand we still need to rotate the certs if you do not wish to restart.
From AWS docs:
I don’t use SSL/TLS, can I rotate the certificate without restarting my database?
...ANSWER
Answered 2020-Jan-11 at 03:27
You can check the supported options with:
aws rds modify-db-instance help
If --no-certificate-rotation-restart is not supported, you need to upgrade your AWS CLI:
pip3 install awscli --upgrade
Refer: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html
QUESTION
As AWS changes their root SSL cert for RDS services in 2019, the old certificate from 2015 loses its validity 03/2020. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
How do I configure Sequelize to use the new rds-ca-2019 certificate?
...ANSWER
Answered 2019-Dec-15 at 22:29
I think the dialectOptions parameter should not be defined inside the pool but outside, like this:
QUESTION
MySQL Databases
We use MySQL RDS databases. Our web applications use a connection string with the "CertificateFile=" option, which is currently set to the 2015 certificate file, and also "SSL Mode=Required;" option.
We changed the Test database using the instructions in the AWS console to use the 2019 certificate. We committed the change straight away (as this is just the Test database). We were expecting the connections from the Web Applications to fail at this point, but they still work with the older 2015 certificate file.
Additional Info
- It looks like both 2015 and 2019 certificates work with a server on 2019 certificate, also,
- It looks like both 2015 and 2019 certificates work with a server on 2015 certificate.
So my guess is that until March 2020 (when the 2015 certificate expires), the connections are backwards compatible, i.e. the 2015 certificate works until it expires, irrespective of the server certificate.
Is this a correct assumption?
...ANSWER
Answered 2019-Nov-29 at 09:16
In short, yes.
Certificates are backwards compatible, if you want to say it like that.
In 2020 the 2015 certificate will not be functional anymore as it is expired (this is a security procedure for AWS; this has nothing to do with the application). The 2015 certificate should work with every application until the 5th of February.
I heavily recommend swapping to the new CA certificate whenever you have time; this should not cause any problems, and eventually you have to make the swap anyway. If you do decide to stick with the 2015 CA certificate, set yourself a reminder to swap before the 5th of February.
QUESTION
I am setting up a database cluster (Aurora MySQL 5.7) using the DatabaseCluster Construct from @aws-cdk/aws-rds.
My question: where in the setup can I change the Certificate authority? I want to programmatically set up the database to use rds-ca-2019 instead of rds-ca-2015. Note, I want to change this using CDK, not by "clicking in the AWS GUI".
The image below shows which setting I am referring to.
I have been browsing the docs for RDS CDK, and tried to Google this without success.
- This guide describes the manual steps on how to do this.
- AWS CDK RDS module
- DatabaseCluster Construct
- Low-level Cluster (CfnCluster)
BTW, my current config looks a bit like this:
...ANSWER
Answered 2019-Nov-21 at 23:56
Apparently CloudFormation doesn't support the certificate authority field, and therefore CDK can't either.
https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/211
I upvoted the issue; feel free to join me!
QUESTION
I deployed a custom scheduler, following the instructions step by step as described in the Kubernetes documentation.
Here's a link: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
Pods that I specify should be scheduled using the scheduler I deployed, "my-scheduler", are left in Pending.
...ANSWER
Answered 2019-Apr-29 at 09:19
I've found a solution.
Add these lines:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported