When working with certain AWS services that require secure connectivity over TCP, you might run into the dreaded “unable to get local issuer certificate” error. This is because the service is presenting a certificate signed by an Amazon CA that isn’t in your trust store. I’ve commonly seen this with services such as Redis, DocumentDB, RDS, etc.
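The failure can be reproduced locally without touching AWS. The script below is an added example, not part of the original post: it creates a throwaway private CA as a stand-in for the Amazon CA, signs a server certificate with it, and verifies that certificate first against the default trust store and then with the issuing CA supplied. The CA name, the hostname `db.example.internal` and the function names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: a throwaway private CA stands in for the Amazon CA.
# Names (Demo Private Root CA, db.example.internal) are made up; nothing contacts AWS.

make_demo_pki() {   # $1 = empty, writable working directory
  local d="$1"
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA that is NOT present in the system trust store.
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Server key and CSR, then a certificate signed by the demo CA.
  openssl req -new -config "$d/ca.cnf" -subj "/CN=db.example.internal" \
    -newkey rsa:2048 -nodes -keyout "$d/server.key" -out "$d/server.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
}

# Failing case: only the default trust store is consulted, so the issuer is unknown.
verify_default_store() { openssl verify "$1/server.pem" 2>&1; }

# Fixed case: the issuing CA is supplied, so the chain builds to a trusted root.
verify_with_ca() { openssl verify -CAfile "$1/ca.pem" "$1/server.pem" 2>&1; }

demo() {
  local d rc
  rc=0
  d="$(mktemp -d)" || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  echo "--- default trust store ---"; verify_default_store "$d" || true
  echo "--- issuing CA supplied ---"; verify_with_ca "$d" || rc=1
  rm -rf "$d"
  return "$rc"
}

demo
```
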