cloudcaptainsh / cloudcaptain

Issue Tracker for CloudCaptain

Updated RDS Certificates #2 #236

Closed knocknarea closed 4 years ago

knocknarea commented 4 years ago

Hello @axelfontaine I am creating a new issue against this in case you are not reading comments in closed issues: https://github.com/boxfuse/boxfuse-issues/issues/232#issuecomment-566036882

Apologies in advance if this comes across as a bit forward, but I am concerned that there is a limited window at the start of 2020 to resolve this.

knocknarea commented 4 years ago

@axelfontaine Any chance you could look into this?

It does not work if the database is not provisioned through boxfuse. That is, you connect to a preexisting database (but currently active certificates to AWS RDS work OK under the same scenario).

Orreco commented 4 years ago

@axelfontaine I too am concerned about the limited time window to resolve this.

agattung commented 4 years ago

@axelfontaine when trying to connect to Postgres I am (also) running into the error mentioned by @knocknarea in #232 "PKIX path building failed" after upgrading to 1.33.1.1461.

knocknarea commented 4 years ago

@axelfontaine @boxfuse There is no answer to this issue for over 3 weeks now. AWS will be scheduling rolling certificate rotations from the 5th of Feb (a little over 2 weeks now).

Can you please acknowledge that you are at least looking into this or not, as a matter of urgency.

axelfontaine commented 4 years ago

@knocknarea We are looking into this. It is our current top priority item and will be fixed this week.

knocknarea commented 4 years ago

@axelfontaine Thank you for getting back on this, takes a load off my side.

axelfontaine commented 4 years ago

For JVM apps, you can now fix this yourself by updating the cacerts Boxfuse component while fusing the image to version 2020.01.14.

We'll ship a new client version tomorrow that will include this version by default.

axelfontaine commented 4 years ago

Boxfuse Client 1.33.2.1466 is now out with the fix. This new version will pull the latest certificates by default. Images fused with it are compatible with both the old and the new RDS certificates.

The best process to upgrade is therefore:

  1. Upgrade the Boxfuse Client
  2. Fuse a new version of your app and run it
  3. Upgrade its RDS certificate in the AWS Console

knocknarea commented 4 years ago

@axelfontaine Confirmed working, thank you for fixing this.