AWS AmazonRDS documentation change
Summary
Added a note recommending the use of PKCS#7 (.p7b) certificate format over .pem for Windows clients to ensure the complete certificate chain is imported, preventing connection failures when mandatory encryption is enabled.
Security assessment
This change adds security-related documentation about proper SSL/TLS certificate configuration to ensure successful encrypted connections. It addresses a potential operational issue (connection failures) that could indirectly impact security if users fall back to unencrypted connections, but it does not describe a specific, known security vulnerability or incident.
Diff
diff --git a/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md b/AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md index 9ef876c1d..84160e713 100644 --- a//AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md +++ b//AmazonRDS/latest/UserGuide/SQLServer.Concepts.General.SSL.Using.md @@ -104,0 +105,4 @@ You can use the following procedure to import your certificate into the Microsof +###### Note + +When connecting from Windows clients such as SQL Server Management Studio (SSMS), we recommend using the PKCS#7 (.p7b) certificate format instead of the global-bundle.pem file. The .p7b format ensures the complete certificate chain — including Root and Intermediate Certificate Authorities (CAs) — is correctly imported into the Windows Certificate Store. This prevents connection failures that can occur when mandatory encryption is enabled, as .pem imports may not install the full chain properly. +