Other: Bug - Fix TLS implementation to be able to trust root certificates rather than intermediary certificates.
Only the intermediary certificate authorities for certificates may be trusted in Fivetran. We have 2 RDS servers v2 in the same cluster that are signed by different intermediary certificate authorities and have no way of changing this on the RDS side.
Whenever automatic certificate rotation happens, if we have encryption enabled, we must go back in and trust the intermediary certificate authority. Ideally we're able to provide our own certificate authority such as one of these (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificates).
Both endpoints are in the same cluster and have the same hostname for Fivetran to connect to. We must do this in order to fail over the writer instance on AWS.

Sample database 1:
  Root CA (Would like to trust)
    Intermediary CA 1 (can trust in Fivetran)
      Server certificate a (can trust in Fivetran)

Sample database 2:
  Root CA (Would like to trust)
    Intermediary CA 2 (can trust in Fivetran)
      Server certificate (can trust in Fivetran)
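
The chain layout in the request can be reproduced locally to see which trust anchor accepts which endpoint. This is an added example, not part of the original post and not Fivetran's or AWS's code; it assumes the `openssl` CLI is installed, and every certificate name and the hostname `db.example.internal` are constructed placeholders.

```shell
#!/bin/sh
# Added example. Constructed lab PKI (every name is a placeholder): one root,
# two intermediates, one server certificate under each, same hostname on both.
set -eu

issue() {  # issue <name> <CN> <CA: TRUE|FALSE> <issuer name, or "self">
  printf 'basicConstraints=critical,CA:%s\n' "$3" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ "$4" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$1.ext" -days 2 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
      -CAcreateserial -extfile "$1.ext" -days 2 -out "$1.pem" 2>/dev/null
  fi
}

build_pki() {  # build_pki <empty directory>
  ( cd "$1"
    issue root "Lab Root CA" TRUE self
    issue int1 "Lab Intermediate CA 1" TRUE root
    issue int2 "Lab Intermediate CA 2" TRUE root
    issue srv1 "db.example.internal" FALSE int1
    issue srv2 "db.example.internal" FALSE int2 )
}

# trusts <anchor.pem> <server.pem> <intermediate.pem presented by the server>
# -partial_chain lets a pinned intermediate (not self-signed) act as the anchor.
trusts() {
  openssl verify -partial_chain -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
}

report() {  # report <label> <anchor> <server> <intermediate>
  if trusts "$2" "$3" "$4"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

dir=$(mktemp -d)
build_pki "$dir"
cd "$dir"
report "anchor = root, database 1" root.pem srv1.pem int1.pem
report "anchor = root, database 2" root.pem srv2.pem int2.pem
report "anchor = intermediate 1, database 1" int1.pem srv1.pem int1.pem
report "anchor = intermediate 1, database 2" int1.pem srv2.pem int2.pem
```

With the root as the anchor both endpoints validate, and a reissued intermediate under the same root would validate as well; with only intermediate 1 pinned, the endpoint signed by intermediate 2 is rejected.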