Published in

Cloud Techies

Feb 6, 2021

1 min read

Using SSL/TLS to encrypt connection to DB Instance

Goal

Encrypt the connection between application server and DB.

Solution

You can create RDS with default SSL cert provided by AWS.

Check this using below command in MySQL tool.

SHOW VARIABLES LIKE '%SSL%';

Step 1: Setup the connection properties in connector string “useSSL=true&trustServerCertificate=true”

Example:

jdbc:mariadb://<dbhost>:3306/abc?useSSL=true&trustServerCertificate=true

Step 2: Setup SSL connections for specific users accounts.

CREATE USER 'appuser'@'%' REQUIRE SSL;

Important Note: Default RDS cert has an expiration date and need to be rotated.

Reference:

Using SSL/TLS to encrypt a connection to a DB instance

You can use Secure Socket Layer (SSL) or Transport Layer Security (TLS) from your application to encrypt a connection…

docs.aws.amazon.com

Rotating your SSL/TLS certificate

As of March 5, 2020, Amazon RDS CA-2015 certificates have expired. If you use or plan to use Secure Sockets Layer (SSL)…

docs.aws.amazon.com

More from Cloud Techies

Onboarding steps, design diagrams, architecture flows, technical solutions and implementations on all major Clouds like AWS, GCP, Azure and details about other important open source tools like Kubernetes, Terraform, Ansible.

Read more from Cloud Techies

About Help Terms Privacy

Get the Medium app

Get unlimited access
Arun Kumar
47 Followers
Cloud Architect | AWS, GCP, Azure, Python, Kubernetes, Terraform, Ansible

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech