Configuring a Certificate

RDS allows you to reset and download a certificate.

Contact customer service to apply for the required permissions.

Log in to the management console.
Click in the upper left corner and select a region and a project.
Click in the upper left corner of the page and choose Databases > Relational Database Service.
On the Instances page, click the target DB instance. The Basic Information page is displayed.
In the DB Information area, click Update next to the SSL field.
Alternatively, choose Connectivity & Security in the navigation pane on the left. In the Connection Information area, click Update next to the SSL field.
In the displayed dialog box, select the target certificate and click OK.

Updating a certificate will cause the DB instance to reboot.
View the update result on the Basic Information page.

Log in to the management console.
Click in the upper left corner and select a region and a project.
Click in the upper left corner of the page and choose Databases > Relational Database Service.
On the Instances page, click the target DB instance. The Basic Information page is displayed.
In the DB Information area, click next to the SSL field to download the root certificate or certificate bundle.
Alternatively, choose Connectivity & Security from the navigation pane. In the Connection Information area, click next to the SSL field to download the root certificate or certificate bundle.
- Since April 2017, RDS has offered a new root certificate that has a 20-year validation period. The new certificate takes effect after DB instances are rebooted. Replace the old certificate before it expires to improve system security.
  
  For details, see How Can I Identify the Validity Period of an SSL Root Certificate?
- You can also download the certificate bundle, which contains both the new certificate provided since April 2017 and the old certificate.
- TLS v1.2 or later is recommended. Versions earlier than TLS v1.2 have security risks.