A Java EE 8 Production Application is running on Glassfish 5 (Jelastic cloud) and uses an AWS RDS Aurora (MySQL 5.6) database.
I received this email from aws:
As of September 19, 2019, Amazon RDS has published new Certificate Authority (CA) certificates for connecting to your RDS DB instances using SSL/TLS. We provide these new CA certificates as an AWS security best practice. For information about the new certificates and the supported AWS Regions, see Using SSL/TLS to Encrypt a Connection to a DB Instance.
The current CA certificates expire on March 5, 2020. Therefore, we strongly recommend completing this change as soon as possible (and no later than February 5, 2020), to avoid disruption on the expiration date. If the change is not completed, your applications will fail to connect to your RDS DB instances using SSL/TLS after March 5, 2020.
Before you update your DB instances to use the new CA certificate, make sure that you update your clients or applications connecting to your RDS databases.
Rotating Your SSL/TLS Certificate Download Certificate
Steps:
To update your CA certificate
Download the new SSL/TLS certificate from Using SSL/TLS to Encrypt a Connection to a DB Instance.
Update your database applications to use the new SSL/TLS certificate.
Modify the DB instance to change the CA from rds-ca-2015 to rds-ca-2019.
You can use the AWS Management Console or the AWS CLI to change the CA certificate from rds-ca-2015 to rds-ca-2019 for a DB instance.
My question is: do I need to add rds-ca-2019-root.pem to the glassfish keystore before I apply step 3. and do I need to do anything to MySQL workbench 6.2 so it keeps connecting to db intance?
Note: Regarding how, in case the answer is yes. I will be contacting Jelastic Team.
