0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

【AWS】certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)) が出る

Posted at

エラーログ

RDSプロキシにて

Database error: (2003, "Can't connect to MySQL server on 'dev-proxy-db-01.XXX.ap-northeast-1.rds.amazonaws.com' ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006))")

が出る

原因

このエラーは、SSL証明書の検証に失敗した場合に発生します。

対処方法

  1. 正しい証明書のダウンロードと使用

    • 最新のRDS証明書をダウンロード:
    wget https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O rds-ca-2019-root.pem
    
    • S3バケットに証明書をアップロード:
    resource "aws_s3_object" "rds_ca_cert" {
      bucket = aws_s3_bucket.lambda_bucket.bucket
      key    = "rds-ca-2019-root.pem"
      source = "${path.module}/rds-ca-2019-root.pem"
    }
    
  2. Lambda関数コードの修正

    • SSL contextの設定を適切に行う:
    ssl_context = ssl.create_default_context(cafile=temp_cert_file.name)
    ssl_context.check_hostname = False
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    
  3. RDSプロキシの設定確認

    • require_tlsが正しく設定されているか確認:
    resource "aws_db_proxy" "rds_proxy_db_dump" {
      # 他の設定...
      require_tls = true
    }
    
0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?