AWS AmazonRDS medium security documentation change
Summary
Added new section about SSL certificate issues in RDS Custom DB instances, including a PowerShell command to identify non self-signed certificates
Security assessment
The change addresses SSL certificate configuration issues that could lead to security vulnerabilities by identifying and removing non self-signed certificates from the trusted root certificate store.
Diff
diff --git a/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md index 078247f27..e563c7a69 100644 --- a/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md +++ b/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md @@ -288,0 +289,7 @@ If the agent can't start, check the Windows Events to see why it can't start. Th +`SP-2009` | SSL Certificate | **`The RDS Custom DB instance is set to [Unsupported configuration] because of: Non self-signed SSL certificate(s) causing disruption in RDS. To resolve this issue, remove the non self-signed certificate(s) from the trusted root certificate store.`** | Run the following PowerShell command to review non self-signed certificate(s). + + + Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject -and $_.Issuer -notlike "*RDSCustomAgentCA*"} + +For more information, see [ HTTP Error 403.16 when you try to access a website that's hosted on IIS](https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/site-behavior-performance/http-403-forbidden-access-website). +