Vapor: RDS Certificate Authority Expiry

Sep 21, 2023 #vapor

When Vapor connects your application to an RDS instance, it encrypts the connection with SSL and verifies the database server's certificate.

Up until now, AWS has provided certificates from the rds-ca-2019 Certificate Authority. However, these certificates are set to expire in August 2024. If your RDS instance utilizes this Certificate Authority, you must update it to avoid potential connectivity interruptions after this date.

We've put in significant effort to ensure this transition is as smooth as possible.

First and foremost, all new databases are now provisioned with an updated Certificate Authority. Thus, no action is needed if your application operates on Vapor Core >= 2.33.1.

To determine whether your existing databases are affected, visit the Databases panel on the Vapor dashboard. If any of your databases require an update, a warning banner will be displayed.

For any databases that are affected, ensure that every environment they're employed in runs Vapor Core ≥ 2.33.1. This version of Vapor Core includes a new certificate bundle, ensuring compatibility with the latest Certificate Authorities provided by AWS.

Crucially, you must update Vapor Core before updating the database to guarantee that your application remains connected post-database update.

Once Vapor Core is current, you're ready to update the Certificate Authority for the impacted databases. By clicking on any database in the list, you'll be directed to the appropriate page within the AWS console to perform the update.

From the AWS console, select the database you wish to update and click "Apply Now".

You'll then be prompted to select a Certificate Authority. While the available options will vary based on your database type, rest assured that any choice will work. This is because the new certificate bundle in Vapor Core supports them all. Furthermore, AWS will inform you on this page whether a restart is needed to apply the changes.

Once AWS confirms the change has been applied, simply refresh the status on the Vapor dashboard to verify everything is correctly configured.
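
A pre-flight check for the ordering described above, written as an added example (it is not Vapor's or Laravel's own code): it flags databases still on rds-ca-2019 and lists the environments that must reach Vapor Core 2.33.1 before the Certificate Authority is changed. It assumes JSON shaped like the output of `aws rds describe-db-instances` and each environment's parsed `composer.lock`; the database names, the `USAGE` map and all sample values are constructed.

```python
import json

OLD_CA = "rds-ca-2019"        # CA the post says expires in August 2024
MIN_CORE = (2, 33, 1)         # minimum Vapor Core version the post requires

def parse_version(text):
    """'v2.33.1' -> (2, 33, 1); anything unparseable (dev branches) -> None."""
    try:
        return tuple(int(p) for p in text.lstrip("v").split(".")[:3])
    except ValueError:
        return None

def vapor_core_version(composer_lock):
    """Read the locked laravel/vapor-core version from a parsed composer.lock."""
    for pkg in composer_lock.get("packages", []):
        if pkg.get("name") == "laravel/vapor-core":
            return parse_version(pkg.get("version", ""))
    return None

def plan(describe_output, usage, locks):
    """Map each DB instance to (status, environments that must upgrade first)."""
    result = {}
    for db in describe_output["DBInstances"]:
        db_id = db["DBInstanceIdentifier"]
        if db.get("CACertificateIdentifier") != OLD_CA:
            result[db_id] = ("ok", [])
            continue
        # Unknown or unparseable versions count as too old (fail closed).
        behind = [env for env in usage.get(db_id, [])
                  if (vapor_core_version(locks.get(env, {})) or (0,)) < MIN_CORE]
        result[db_id] = ("update-core-first", behind) if behind else ("ready", [])
    return result

# Constructed sample data, not output from a real account.
DESCRIBE = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "app-db", "CACertificateIdentifier": "rds-ca-2019"},
  {"DBInstanceIdentifier": "reports-db", "CACertificateIdentifier": "rds-ca-2019"},
  {"DBInstanceIdentifier": "new-db", "CACertificateIdentifier": "rds-ca-rsa2048-g1"}]}""")
USAGE = {"app-db": ["production", "staging"], "reports-db": ["production"],
         "new-db": ["production"]}  # hypothetical database-to-environment map

def lock(version):
    return {"packages": [{"name": "laravel/vapor-core", "version": version}]}

LOCKS = {"production": lock("v2.33.1"), "staging": lock("v2.32.0")}

if __name__ == "__main__":
    for db_id, (status, envs) in plan(DESCRIBE, USAGE, LOCKS).items():
        print(f"{db_id}: {status} {envs}")
```

A database reported as `update-core-first` should keep its current Certificate Authority until every listed environment has been redeployed on the newer Vapor Core.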

We've strived to make this update process intuitive and frictionless. Our ongoing mission is to solidify Vapor's position as the premier serverless deployment platform for Laravel applications.

By Joe Dixon

Software Developer at Laravel.
