Amazon Web Services has issued an "important" warning to users of its Amazon Aurora, Amazon Relational Database Service (RDS), and Amazon DocumentDB (with MongoDB compatibility) databases, urging them to update their certificates by January 14, 2020.
Those who use SSL/TLS certificate validation when they connect to database instances are urged to download and install a fresh certificate, rotate the certificate authority (CA) for the instances, and reboot the instances. Users who don't have SSL/TLS connections or certificate validation don't need to make any updates; however, AWS advises doing so in case they want to use SSL/TLS connections in the future.
This process is standard: SSL/TLS certificates for RDS, Aurora, and DocumentDB expire and are replaced every five years as part of standard maintenance. Users may already have received an email or console notification alerting them to the process.
Instances created on or after January 14 will have the new (CA-2019) certificates, made available in September 2019. Users can temporarily switch back to the old (CA-2015) certificates if needed. CA-2015 certificates will expire on March 5, 2020; at this point, applications that use certificate validation but haven't been updated will lose connectivity.
Read more details here.