Using SSL/TLS to encrypt a connection to a DB instance - Amazon Relational Database Service
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

You can use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) from your application to encrypt a connection to a DB instance running MySQL, MariaDB, SQL Server, Oracle, or PostgreSQL. Each DB engine has its own process for implementing SSL/TLS. To learn how to implement SSL/TLS for your DB instance, use the following link that corresponds to your DB engine:

Important

For information about rotating your certificate, see Rotating your SSL/TLS certificate.

Note

Certificates are available for download only over SSL/TLS connections.

A 2019 root certificate that works for the China (Beijing) AWS Region or China (Ningxia) AWS Region can be downloaded at https://s3.cn-north-1.amazonaws.com.cn/rds-downloads/rds-cn-ca-2019-root.pem.

A 2017 root certificate that works for the China (Ningxia) AWS Region can be downloaded at https://s3.cn-north-1.amazonaws.com.cn/rds-downloads/rds-cn-ca-2017-cn-northwest-1-root.pem.

To get a certificate bundle that contains both the intermediate and root certificates, download from https://s3.cn-north-1.amazonaws.com.cn/rds-downloads/rds-combined-ca-cn-bundle.pem.

If your application is on Microsoft Windows and requires a PKCS7 file, you can download the PKCS7 certificate bundle that contains both the intermediate and root certificates at https://s3.cn-north-1.amazonaws.com.cn/rds-downloads/rds-combined-ca-cn-bundle.p7b.
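
The following script is an added example, not part of the AWS documentation: it inspects a downloaded PEM bundle before you configure it as a trust store, counting the certificates, listing each subject and issuer, and failing if any certificate expires within a chosen window. The function names and the constructed self-signed sample bundle are assumptions for illustration, and the script requires the `openssl` command-line tool.

```shell
#!/usr/bin/env bash
# Inspect a PEM CA bundle (for example rds-combined-ca-cn-bundle.pem) before
# configuring it as the trust store for database connections.

# Count the certificates in the bundle.
bundle_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# List subject and issuer of every certificate. `openssl x509` reads only the
# first PEM block, so wrap the bundle in a PKCS7 structure to print them all.
bundle_list() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Return 0 only if every certificate is still valid $2 seconds from now.
bundle_checkend() {
  local bundle=$1 secs=$2 dir rc=0 f
  dir=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {n++}
                   n {print > (d "/cert" n ".pem")}' "$bundle"
  for f in "$dir"/cert*.pem; do
    [ -e "$f" ] || { rc=2; break; }          # no certificates found
    if ! openssl x509 -in "$f" -noout -checkend "$secs" >/dev/null; then
      openssl x509 -in "$f" -noout -subject -enddate >&2
      rc=1
    fi
  done
  rm -rf "$dir"
  return "$rc"
}

# Constructed sample input: two self-signed certificates (30 and 400 days),
# concatenated the way a root + intermediate bundle is laid out.
make_constructed_bundle() {
  local out=$1 d; d=$(mktemp -d) || return 2
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k1" -out "$d/c1" \
    -days 30 -subj "/CN=constructed-short-lived" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k2" -out "$d/c2" \
    -days 400 -subj "/CN=constructed-long-lived" 2>/dev/null
  cat "$d/c1" "$d/c2" > "$out"; rm -rf "$d"
}

# Usage: ./check_bundle.sh <bundle.pem>
if [ "$#" -ge 1 ]; then
  echo "certificates: $(bundle_count "$1")"; bundle_list "$1"
  bundle_checkend "$1" $((30 * 86400)) || echo "expiring within 30 days" >&2
fi
```

Running the expiry check on a schedule gives advance notice before a certificate rotation is due.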

Intermediate certificates

You can download the intermediate certificate for the China (Beijing) Region or China (Ningxia) Region from the following locations:

China (Beijing) (2019)

China (Ningxia) (2019)

China (Ningxia) (2017)