AWS Documentation » Amazon Relational Database Service (RDS) » User Guide » Configuring Security in Amazon RDS » Using SSL to Encrypt a Connection to a DB Instance

Using SSL to Encrypt a Connection to a DB Instance

You can use SSL from your application to encrypt a connection to a DB instance running MySQL, MariaDB, SQL Server, Oracle, or PostgreSQL. Each DB engine has its own process for implementing SSL. To learn how to implement SSL for your DB instance, use the link following that corresponds to your DB engine:

• Using SSL with a MariaDB DB Instance

• Using SSL with a Microsoft SQL Server DB Instance

• Using SSL with a MySQL DB Instance

• Using SSL with an Oracle DB Instance

• Using SSL with a PostgreSQL DB Instance

A root certificate that works for all regions can be downloaded at https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem. It is the trusted root entity and should work in most cases but might fail if your application doesn't accept certificate chains. If your application doesn't accept certificate chains, download the AWS Region–specific certificate from the list of intermediate certificates found later in this section. You can download a root certificate for the AWS GovCloud regions at https://s3-us-gov-west-1.amazonaws.com/rds-downloads/rds-GovCloud-Root-CA-2017.pem.

Note

All certificates are only available for download using SSL connections.

A certificate bundle that contains both the intermediate and root certificates can be downloaded at https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem.

A certificate bundle that contains both the intermediate and root certificates for the AWS GovCloud regions can be downloaded at https://s3-us-gov-west-1.amazonaws.com/rds-downloads/rds-combined-ca-us-gov-bundle.pem.

If your application is on the Microsoft Windows platform and requires a PKCS7 file, you can download the PKCS7 certificate bundle that contains both the intermediate and root certificates at https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.p7b.

Intermediate Certificates

You might need to use an intermediate certificate to connect to your region. For example, you must use an intermediate certificate to connect to the AWS GovCloud (US-West) region using SSL. If you need an intermediate certificate for a particular AWS Region, download the certificate from the following list:

Asia Pacific (Hong Kong)

Asia Pacific (Mumbai)

Asia Pacific (Tokyo)

Asia Pacific (Seoul)

Asia Pacific (Osaka-Local)

Asia Pacific (Singapore)

Asia Pacific (Sydney)

Canada (Central)

China (Beijing)

China (Ningxia)

EU (Frankfurt)

EU (Ireland)

EU (London)

EU (Paris)

EU (Stockholm)

South America (São Paulo)

US East (N. Virginia)

US East (Ohio)

US West (N. California)

US West (Oregon)

AWS GovCloud (US-East) (CA-2017)

AWS GovCloud (US-West) (CA-2017)

AWS GovCloud (US-West) (CA-2012)