How to get hold of Amazon MySQL RDS certificates

Peder · Jun 24, 2011

Amazon RDS documentation (http://aws.amazon.com/rds/faqs/#53) specifies that "Amazon RDS generates an SSL certificate for each [MySQL] DB Instance". I haven't been able to find any documentation on how to find the certificates and the certificates are nowhere to be found in the management console.

Where are the certificates?

Answer

Peder · Jun 24, 2011

I found the solution here: https://forums.aws.amazon.com/thread.jspa?threadID=62110.

curl -O https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem

  • Connect to mysql:
mysql -uusername -p --host=host --ssl-ca=mysql-ssl-ca-cert.pem
  • Check that your connection is really encrypted:
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+------------+
| Variable_name | Value      |
+---------------+------------+
| Ssl_cipher    | AES256-SHA |
+---------------+------------+
1 row in set (0.00 sec)
  • Optionally force SSL for a specific user to connect to MySQL:
mysql> ALTER USER 'username'@'host|%' REQUIRE SSL;
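
The `Ssl_cipher` check above can be scripted so that a job refuses to continue over a plaintext session. This is an added example, not part of the original answer; `DB_HOST`, `DB_USER` and `CA_FILE` are assumed variable names, the password is assumed to come from a client option file, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: fail closed when a MySQL session is not TLS-protected.
# DB_HOST, DB_USER and CA_FILE are assumed names, not from the original answer.

# Extract the Ssl_cipher value from `mysql --batch --skip-column-names`
# output, which is one tab-separated "name<TAB>value" line per variable.
cipher_from_status() {
    printf '%s\n' "$1" | awk -F '\t' '$1 == "Ssl_cipher" { print $2; exit }'
}

# Return 0 only if the status output reports a non-empty cipher.
# An empty Ssl_cipher value means the session is not encrypted.
is_encrypted() {
    [ -n "$(cipher_from_status "$1")" ]
}

# Query the live server. Returns 2 if the client fails to connect,
# 1 if connected without TLS, 0 if a cipher was negotiated.
check_connection() {
    status=$(mysql --batch --skip-column-names \
        --host="$DB_HOST" --user="$DB_USER" --ssl-ca="$CA_FILE" \
        -e "SHOW STATUS LIKE 'Ssl_cipher'") || return 2
    is_encrypted "$status"
}

# Constructed sample outputs (not captured from a real instance).
SAMPLE_TLS=$(printf 'Ssl_cipher\tAES256-SHA')
SAMPLE_PLAIN=$(printf 'Ssl_cipher\t')

# Contact a real instance only when DB_HOST is set by the caller.
if [ -n "${DB_HOST:-}" ]; then
    check_connection || {
        echo "refusing to continue: connection is not encrypted" >&2
        exit 1
    }
fi
```
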