Getting Mysql2::Error (SSL connection error: ASN: bad other signature confirmation) on Heroku App with AWS RDS

Question

Mysql2::Error (SSL connection error: ASN: bad other signature confirmation):

I am making an administration site. The environment is Rails 4.2 and Ruby 2

Answer 1

Four years later (2019) and AWS are rotating CA certs again, as expected.

RDS users are recommended to switch from the 2015 cert to the 2019 cert by 2019-11-01, and "no later than" 2020-02-05. The 2015 certificates expire on 2020-03-05.

I used the following procedure, based on RDS' Rotating Your SSL/TLS Certificate guide.

1. Schedule downtime
2. Download new certificates, save in config
   • Only the root cert is needed: rds-ca-2019-root.pem
   • The instructions mention a 2015+2019 bundle, but I couldn't find it. This file is 2019 only.
   • Region-specific intermediate certs are not needed
3. Commit, but don't deploy yet
4. heroku maintenance:on
5. In RDS web console, modify server
   • In the Network & Security section, choose rds-ca-2019
   • Apply changes immediately
6. Scale dynos down to 0
7. heorku config:set DATABASE_URL=mysql2://myuser:mypassword@myhost.rds.amazonaws.com/mydb?sslca=config/rds-ca-2019-root.pem
8. Deploy
9. Scale dynos up, watch logs
10. heroku maintenance:off

There are many reasonable variations on this procedure, this is just what worked for me. Hope it helps.