Obtaining Root Certificate for Amazon RDS Databases

How to Obtain the Root Certificate for Amazon RDS Databases

Question

The security team enforces all connections to Amazon RDS databases to be encrypted in transit using SSL/TLS.

How can a user obtain the root certificate?

Answers

Explanations

A. B. C. D.

Answer: A.

Option A is CORRECT because Amazon RDS root certificates are available for download at https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem.

Option B is incorrect because the Amazon RDS root certificate is not available for download from the AWS Management Console.

Instead, it can be downloaded from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem.

Option C is incorrect because OpenSSL is a command-line tool that can be used to generate self-signed certificates.

It is not used to obtain an Amazon RDS root certificate.

Option D is incorrect because AWS Certificate Manager is not integrated with Amazon RDS.

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

The correct answer is A. Download it from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem.

Explanation:

When connecting to an Amazon RDS database, the connection should be secured by encrypting data in transit with SSL/TLS. To establish a verified SSL/TLS connection, the client needs a trusted certificate against which it can verify the certificate, and therefore the identity, of the server.

Amazon RDS provides a root certificate that can be used to verify the SSL/TLS certificate presented by the server. This root certificate can be downloaded from the following URL:

https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem

This is the recommended method to obtain the root certificate for Amazon RDS. The certificate is provided in PEM format, which is a widely used format for certificates and private keys.
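The client-side verification described above, as an added example that is not part of the original page or of AWS's documentation: it builds a TLS context that trusts only the downloaded PEM file and checks the server's chain and hostname against it. It assumes a PostgreSQL engine (the page names no engine), and the endpoint hostname and function names are hypothetical.

```python
import hashlib
import re
import socket
import ssl
import struct

# PostgreSQL SSLRequest message: int32 length (8) + int32 request code 80877103.
PG_SSL_REQUEST = struct.pack("!II", 8, 80877103)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def pem_fingerprints(pem_text):
    """SHA-256 of every certificate in a PEM file, for comparison with a
    fingerprint obtained out of band before the file is trusted."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_CERT.findall(pem_text)]


def rds_context(ca_file):
    """Client context that trusts only the certificates in ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_verify_locations(cafile=ca_file)      # system CA store is not loaded
    return ctx


def verify_postgres_endpoint(host, ca_file, port=5432, timeout=10):
    """Handshake with a PostgreSQL endpoint (assumed engine); raises
    ssl.SSLCertVerificationError if the chain or hostname does not verify."""
    ctx = rds_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(PG_SSL_REQUEST)
        if raw.recv(1) != b"S":                    # b"N": server has TLS disabled
            raise ConnectionError("server refused the TLS upgrade")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["subject"]


if __name__ == "__main__":
    # Hypothetical endpoint name; the PEM is the file downloaded from the URL above.
    print(verify_postgres_endpoint(
        "mydb.example.us-east-1.rds.amazonaws.com", "rds-ca-2019-root.pem"))
```

A connection that skips this check is still encrypted but does not authenticate the server, which is why database clients need the root file supplied explicitly.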

Option B is not a correct answer as it does not specify where in the AWS Management Console the user can obtain the root certificate.

Option C is not a correct answer as the user cannot generate the root certificate using the openssl tool. The root certificate is issued by Amazon RDS and is signed by a trusted certificate authority.

Option D is not a correct answer as AWS Certificate Manager is used to provision, manage, and deploy SSL/TLS certificates for use with AWS services and your internal connected resources. It is not used to generate the root certificate for Amazon RDS.