Amazon RDS documentation (http://aws.amazon.com/rds/faqs/#53) specifies that "Amazon RDS generates an SSL certificate for each [MySQL] DB Instance". I haven't been able to find any documentation on how to find the certificates and the certificates are nowhere to be found in the management console.
Where are the certificates?
Amazon RDS supports SSL encryption for PostgreSQL DB instances. Using SSL, you can encrypt a PostgreSQL connection between your applications and your PostgreSQL DB instance. You can also force all connections to your PostgreSQL DB instance to use SSL.
To get a root certificate that works for all AWS Regions, download from one of these locations:
https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem
To download a database log file: Open the Amazon RDS console at https://console.aws.amazon.com/rds/. In the navigation pane, choose Databases. Choose the name of the DB instance that has the log file that you want to view. Choose the Logs & events tab.
I found the solution here: https://forums.aws.amazon.com/thread.jspa?threadID=62110.
curl -O https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
mysql -uusername -p --host=host --ssl-ca=mysql-ssl-ca-cert.pem
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value      |
+---------------+------------+
| Ssl_cipher    | AES256-SHA |
+---------------+------------+
1 row in set (0.00 sec)
mysql> ALTER USER 'username'@'host|%' REQUIRE SSL;
You can get the AWS RDS certificate file information from the AWS Documentation guide itself
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html
Download the certificate from here
https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem
Update - Amazon updated the SSL certificate, you can download it from here: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
Use the following command to log in to mysql
root@sathish:/usr/src# mysql -h awssathish.xxyyzz.eu-west-1.rds.amazonaws.com -u awssathish -p --ssl-ca=mysql-ssl-ca-cert.pem
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 5.6.13-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> GRANT USAGE ON *.* TO 'awssathish'@'%' REQUIRE SSL;
Query OK, 0 rows affected (0.02 sec)
mysql>
mysql> show variables like "%ssl";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
+---------------+-------+
2 rows in set (0.00 sec)
mysql>
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value      |
+---------------+------------+
| Ssl_cipher    | AES256-SHA |
+---------------+------------+
1 row in set (0.01 sec)
mysql> exit
Bye
Where awssathish.xxyyzz.eu-west-1.rds.amazonaws.com is the endpoint of RDS, and awssathish is the username of the RDS server.
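A check that ties the two answers together, added here as an example and not code from either answer or from AWS: it parses the mysql client's table output to confirm that the session reports a non-empty Ssl_cipher and to list accounts that were never given REQUIRE SSL. The sample tables are constructed, and it assumes your account can run SELECT user, host, ssl_type FROM mysql.user.

```python
# Constructed sample output (not captured from a real server), in the mysql
# client table format that appears in the answers above.
SESSION_STATUS = """\
+---------------+------------+
| Variable_name | Value      |
+---------------+------------+
| Ssl_cipher    | AES256-SHA |
+---------------+------------+
"""

# Constructed result of: SELECT user, host, ssl_type FROM mysql.user;
ACCOUNTS = """\
+------------+----------+----------+
| user       | host     | ssl_type |
+------------+----------+----------+
| awssathish | %        | ANY      |
| reporting  | %        |          |
| batch      | 10.0.0.% | X509     |
+------------+----------+----------+
"""


def parse_table(text):
    """Parse mysql table output into dicts (cells containing '|' unsupported)."""
    rows = [
        [cell.strip() for cell in line.strip()[1:-1].split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")
    ]
    header = rows[0] if rows else []
    return [dict(zip(header, r)) for r in rows[1:] if len(r) == len(header)]


def session_is_encrypted(status_output):
    """True only if Ssl_cipher is present and non-empty (empty = plaintext)."""
    rows = parse_table(status_output)
    return any(r.get("Variable_name") == "Ssl_cipher" and r.get("Value") for r in rows)


def accounts_without_tls(accounts_output):
    """Accounts with an empty ssl_type can still connect without TLS."""
    rows = parse_table(accounts_output)
    return [f"'{r['user']}'@'{r['host']}'" for r in rows if not r.get("ssl_type")]


if __name__ == "__main__":
    print("session encrypted:", session_is_encrypted(SESSION_STATUS))
    print("accounts without a TLS requirement:", accounts_without_tls(ACCOUNTS))
```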