feat: update RDS CA bundle

Updating to new link for the combined cert bundle from [AWS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html).
mothership · Feb 29, 2024 · 84e3ea5 · 84e3ea5
1 parent 1e1c6f9
commit 84e3ea5
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/build/bin/import_certs.sh b/build/bin/import_certs.sh
@@ -2,18 +2,17 @@
 set -e
 
 mydir=/tmp/rds-ca
-if [ ! -e "${mydir}" ]
-then
-mkdir -p "${mydir}"
+if [ ! -e "${mydir}" ]; then
+    mkdir -p "${mydir}"
 fi
 
 pushd "${mydir}"
-curl -sS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > ${mydir}/rds-combined-ca-bundle.pem
-awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ""}' < ${mydir}/rds-combined-ca-bundle.pem
+curl -sS "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" >${mydir}/rds-combined-ca-bundle.pem
+awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ""}' <${mydir}/rds-combined-ca-bundle.pem
 
 for CERT in rds-ca-*; do
-    mv "$CERT" "/usr/local/share/ca-certificates/aws-rds-ca-$(basename $CERT).crt" 
-done 
+    mv "$CERT" "/usr/local/share/ca-certificates/aws-rds-ca-$(basename $CERT).crt"
+done
 
 popd
 rm -rf ${mydir}