Score:0

Why does RDS need only a CA certificate to connect via SSL?


Usually you need a client certificate and a public/private key pair to connect securely. How come all RDS needs is a CA certificate?

You can. Use a smart card.
vidarlo:
That's the normal use case for TLS. Your web browser authenticates the server, but the server generally doesn't authenticate the client.
Score:0

How come all RDS needs is a CA certificate?

It only needs a CA certificate because updating the CA cert causes RDS to automatically create a new server key and cert (signed by the new CA) for you.

Note that for your RDS instance to begin using its new key/cert it will need to be restarted.

chingis:
Does it mean I still have to generate a client certificate and sign it with the provided CA? It's just that the AWS docs say all you need is the CA certificate to connect securely. But, for example, if I connect to GCP Cloud SQL I request a client certificate with the key as well as the CA certificate.
RDS does not support authenticating with client certificates, whereas it seems GCP Cloud SQL requires it.
chingis:
Is it equally secure? I always thought you must have a key pair with a client certificate signed by a CA certificate to establish a secure SSL connection.
See https://security.stackexchange.com/questions/61810/are-login-certificates-more-secure-than-standard-username-password-authentic
chingis:
I'm not sure I follow you. Are you saying that because RDS doesn't generate client certificates, it's just username+password authentication after all? In that case, what's the point of the provided CA cert? Also, are you aware that AWS doesn't generate a new CA cert per RDS instance? It just has one public CA for RDS in their docs.
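
The server-only authentication described in the comments above, as a local demonstration added here (not part of the original thread). It assumes the `openssl` CLI is installed; the CAs, certificates, port numbers and the `ca_only_handshake` function are constructed for the demo, and the test server stands in for a database endpoint.

```shell
#!/bin/sh
# Added demo; every name, port and certificate here is constructed.
# $1 = which CA signs the server certificate ("trusted" or "other"), $2 = port.
# The client trusts only trusted.pem and presents no certificate or key.
# Prints "ok" if the client verified the server, "rejected" otherwise.
ca_only_handshake() {
  signer=$1; port=${2:-14433}
  d=$(mktemp -d) || return 1
  # Two self-signed CAs: "trusted" stands in for the CA bundle the client
  # downloads, "other" is an unrelated CA the client does not trust.
  for ca in trusted other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca demo CA" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
  done
  # Server key pair and certificate. The private key never leaves the server.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/$signer.pem" -CAkey "$d/$signer.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1
  # No -verify/-Verify option, so the server never asks for a client certificate.
  openssl s_server -accept "127.0.0.1:$port" -cert "$d/srv.pem" -key "$d/srv.key" \
    -www >/dev/null 2>&1 &
  pid=$!
  sleep 1
  # Client side: only -CAfile is given, no -cert and no -key.
  # Host name matching is not exercised in this demo.
  openssl s_client -connect "127.0.0.1:$port" -CAfile "$d/trusted.pem" \
    -verify_return_error </dev/null >"$d/out" 2>&1 || true
  kill "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true
  if grep -q "Verify return code: 0 (ok)" "$d/out"; then echo ok; else echo rejected; fi
  rm -rf "$d"
}
```

The CA certificate is what lets the client check that the server's certificate was issued by the expected CA; the client proves its own identity separately, for example with a username and password sent inside the encrypted session.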