@jesdynf,
I created the following update-rds-ca.sh script to help update the SSL/TLS certificate based on the ami-configure.sh script in the master branch and your helpful advice above:
(NOTE: THIS PROCEDURE WILL DISCONNECT OPENEMR STANDARD on AWS FROM THE MySQL DATABASE (hopefully only temporarily) … make sure you are either using a test system or have backup images of your instance, database before starting this procedure)
#!/bin/sh
# update-rds-ca.sh
mydir=/mnt/docker/volumes/standard_sitevolume/_data/default/documents/certificates/
cp -i ${mydir}mysql-ca ${mydir}mysql-ca.old
curl -sS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > ${mydir}mysql-ca
chown 1000 ${mydir}mysql-ca
I run the above script with the following …
sudo bash ./update-rds-ca.sh
Then I restart the docker with the following (standard_openemr_1 references my docker) …
sudo docker restart standard_openemr_1
After the docker restarts, if I try to use OpenEMR STANDARD, I get the following error in the web browser:
Check that you can ping the server xxxxxxxx.yyyyyyyyyy.rds.amazonaws.com.
Thus, I now suspect that the new certificate file has been loaded, and OpenEMR STANDARD cannot communicate with the database using the old certificate.
Now I go into AWS RDS to update the certificate on the database instance.
I choose “Update now” since I want to correct the issue immediately and return to a working OpenEMR system.
I then check the "I understand … " box that pops up and then apply the change. Status changes to “Pending” while the change is being applied.
After this, make sure you can log back into OpenEMR (worked for me). Thank you @jesdynf for helping guide me through this!!
–Ralf