Hello,
So, my Mailman3 installation (inherited – guy who set it up has left) is using PostgreSQL that is an AWS RDS instance. I have received an alert from AWS that the CA certificate used to create the database is expiring, and they want me to update the certificate before it expires:
"Update Your Amazon RDS and Amazon Aurora SSL/TLS Certificates by August 22, 2024" https://aws.amazon.com/blogs/aws/rotate-your-ssl-tls-certificates-now-amazon...
Our DBA team is requesting that we update applications by installing the new CA within the application's certificate store.
As near as I can tell from reading the Mailman 3 docs, and looking at my mailman.cfg and settings_local.py ... I don't know that Mailman 3 is using certificate verification for the PostgreSQL connection. At least, I can't see anything in those configuration files that suggests this. Does anyone know if this is the case – or which configuration file I should look at to verify? Will my Mailman 3 be ok if the DBAs go ahead and update the certificates on their end?
Thank you!
-p
Pat Hirayama Pronouns: he/him/his Systems Engineer IT | Systems Engineering - Infrastructure Fred Hutch Cancer Center O 206.667.4856
phirayam@fredhutch.org
On 8/12/24 10:23, Hirayama, Pat wrote:
> As near as I can tell from reading the Mailman 3 docs, and looking at my mailman.cfg and settings_local.py ... I don't know that Mailman 3 is using certificate verification for the PostgreSQL connection. At least, I can't see anything in those configuration files that suggests this. Does anyone know if this is the case – or which configuration file I should look at to verify? Will my Mailman 3 be ok if the DBAs go ahead and update the certificates on their end?
There are two places where the database access is defined. They are the [database] section in mailman.cfg and the DATABASES definition in Django's settings.
I don't see a way in either of these to specify TLS for the connection; possibly it is set on the PostgreSQL side. In any case, I don't think there'd be any issue if the DBAs go ahead and update the certificates on their end.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Thanks, Mark. That's what it looked like to me, but I wanted someone with more expertise / experience to weigh in.
Have a great day!
Pat Hirayama Pronouns: he/him/his Systems Engineer IT | Systems Engineering Fred Hutchinson Cancer Center O 206.667.4856 phirayam@fredhutch.org
From: Mark Sapiro <mark@msapiro.net> Sent: Monday, August 12, 2024 10:49 To: mailman-users@mailman3.org <mailman-users@mailman3.org> Subject: [MM3-users] Re: RDS CA changes
> On 8/12/24 10:23, Hirayama, Pat wrote:
> > As near as I can tell from reading the Mailman 3 docs, and looking at my mailman.cfg and settings_local.py ... I don't know that Mailman 3 is using certificate verification for the PostgreSQL connection. At least, I can't see anything in those configuration files that suggests this. Does anyone know if this is the case – or which configuration file I should look at to verify? Will my Mailman 3 be ok if the DBAs go ahead and update the certificates on their end?
> There are two places where the database access is defined. They are the [database] section in mailman.cfg and the DATABASES definition in Django's settings.
> I don't see a way in either of these to specify TLS for the connection; possibly it is set on the PostgreSQL side. In any case, I don't think there'd be any issue if the DBAs go ahead and update the certificates on their end.
> -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
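An added example, not part of the thread and not Mailman's own code: a check of the two places named above (the `[database]` url in mailman.cfg and Django's `DATABASES`) for the libpq parameters `sslmode` and `sslrootcert`, which decide whether the server certificate is verified and which CA file would need the new RDS CA. It assumes the psycopg2/libpq driver, which accepts these parameters in the URL query string and in Django's `OPTIONS`; the host, credentials and paths in the samples are constructed.

```python
import configparser
import os
from urllib.parse import parse_qs, urlsplit

VERIFYING = {"verify-ca", "verify-full"}  # libpq modes that check the server cert

def tls_posture(params, env=None, exists=os.path.exists):
    """Classify libpq TLS settings. env and exists are injectable for testing."""
    env = os.environ if env is None else env
    mode = params.get("sslmode") or env.get("PGSSLMODE") or "prefer"  # libpq default
    ca = os.path.expanduser(params.get("sslrootcert") or env.get("PGSSLROOTCERT")
                            or "~/.postgresql/root.crt")
    # libpq compatibility rule: "require" behaves like verify-ca if the CA file exists.
    verifies = mode in VERIFYING or (mode == "require" and exists(ca))
    return {"sslmode": mode, "verifies_server_cert": verifies,
            "ca_file": ca if verifies else None}

def from_mailman_cfg(text, **kw):
    """Read sslmode/sslrootcert from the query string of [database] url."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text)
    query = parse_qs(urlsplit(cp.get("database", "url")).query)
    return tls_posture({k: v[-1] for k, v in query.items()}, **kw)

def from_django(databases, alias="default", **kw):
    """Read sslmode/sslrootcert from DATABASES[alias]['OPTIONS']."""
    return tls_posture(databases[alias].get("OPTIONS", {}), **kw)

# Constructed sample inputs (hypothetical host, credentials and paths).
SAMPLE_CFG = """\
[database]
class: mailman.database.postgresql.PostgreSQLDatabase
url: postgresql://mailman:s3cret@db.example.invalid/mailman?sslmode=verify-full&sslrootcert=/etc/ssl/rds-ca.pem
"""
SAMPLE_DJANGO = {"default": {"ENGINE": "django.db.backends.postgresql",
                             "HOST": "db.example.invalid", "NAME": "mailmanweb"}}

if __name__ == "__main__":
    print("core:", from_mailman_cfg(SAMPLE_CFG, env={}))
    print("web: ", from_django(SAMPLE_DJANGO, env={}, exists=lambda p: False))
```

When `verifies_server_cert` is false the connection does not depend on any client-side CA file; when it is true, `ca_file` is the bundle that must contain the new RDS CA before the server certificate is rotated.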