Join Log in
Score:0
chingis avatar Server

Why RDS needs only CA certificate to connect via SSL?

au flag
chingis

Usually you need a client certificate and a pair of public/private key to connect securely. How come all RDS needs is a CA certificate?

208
1 + 2
ssl
rds
cn flag
Greg Askew
You can. Use a smart card.
0
Reply
vidarlo avatar
ar flag
vidarlo
That's the normal use case for TLS. Your web browser authenticates the server, but the server generally doesn't authenticate the client.
0
Reply
Score:0
avatar Server
vn flag
Mark Wagner

How come all RDS needs is a CA certificate?

It only needs a CA certificate because updating the CA cert causes RDS to automatically create a new server key and cert (signed by the new CA) for you.

Note that for your RDS instance to begin using its new key/cert it will need to be restarted.

0 + 5
chingis avatar
au flag
chingis
Does it mean I still have to generate client certificate and sign it with the provided CA? It's just the AWS docs says like all you need is the CA certificate to connect securely. But, for example, if I connect to GCP Cloud SQL I request a client certificate with the key as well as CA certificate.
0
Reply
vn flag
Mark Wagner
RDS does not support authenticating with client certificates whereas it seems CGP Cloud SQL requires it.
0
Reply
chingis avatar
au flag
chingis
Is it equally secure? I always thought you must have a key pair with a client certificate signed by a CA certificate to establish a secure SSL connection
0
Reply
vn flag
Mark Wagner
See https://security.stackexchange.com/questions/61810/are-login-certificates-more-secure-than-standard-username-password-authentic
0
Reply
chingis avatar
au flag
chingis
I'm not sure I follow you, are you saying that because RDS doesn't generate client certificates then it's just username+password authentication after all? In that case what's the point of the provided CA cert? Also, are you aware that AWS doesn't generate new CA cert per RDS instance, it just has one public CA for RDS in their docs
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.