AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2026-03-13 · Documentation low

File: AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md

Summary

Added a note recommending the use of PKCS#7 (.p7b) certificate format over .pem for Windows clients to ensure the complete certificate chain is imported, preventing connection failures when mandatory encryption is enabled.

Security assessment

This change adds security-related documentation about proper SSL/TLS certificate configuration to ensure successful encrypted connections. It addresses a potential operational issue (connection failures) that could indirectly impact security if users fall back to unencrypted connections, but it does not describe a specific, known security vulnerability or incident.

Diff

diff --git a/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md b/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md
index 9ef876c1d..84160e713 100644
--- a//AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md
+++ b//AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md
@@ -104,0 +105,4 @@ You can use the following procedure to import your certificate into the Microsof
+###### Note
+
+When connecting from Windows clients such as SQL Server Management Studio (SSMS), we recommend using the PKCS#7 (.p7b) certificate format instead of the global-bundle.pem file. The .p7b format ensures the complete certificate chain — including Root and Intermediate Certificate Authorities (CAs) — is correctly imported into the Windows Certificate Store. This prevents connection failures that can occur when mandatory encryption is enabled, as .pem imports may not install the full chain properly.
+