Had to wear my DevOps hat to do some AWS RDS security cert updates. This was a little tricky since the docs didn't really address the configs I was up against and Postgres will, by default, accept any old (and expired!) certs unless you explicitly ask to verify them. In any case, I figured it out, whew!