diff --git a/aoe-data-analytics/service-etl-processor/import_rds_certs.sh b/aoe-data-analytics/service-etl-processor/import_rds_certs.sh
index bf307b97..174593a3 100755
--- a/aoe-data-analytics/service-etl-processor/import_rds_certs.sh
+++ b/aoe-data-analytics/service-etl-processor/import_rds_certs.sh
@@ -11,9 +11,9 @@ fi
 mydir=/certs
 truststore=${mydir}/rds-truststore.jks
 storepassword="$TRUST_STORE_PASSWORD"
+curl -sS "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" > ${mydir}/global-bundle.pem
-curl -sS "https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem" > ${mydir}/rds-combined-ca-bundle.pem
-awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ".pem"}' < ${mydir}/rds-combined-ca-bundle.pem
+awk 'split_after == 1 {n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1}{print > "rds-ca-" n ".pem"}' < ${mydir}/global-bundle.pem
 for CERT in rds-ca-*; do
 alias=$(openssl x509 -noout -text -in $CERT | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print')
@@ -22,4 +22,13 @@ for CERT in rds-ca-*; do
 rm $CERT
 done
-rm ${mydir}/rds-combined-ca-bundle.pem
+rm ${mydir}/global-bundle.pem
+
+# code below is just double-checking, listing the certificates using keytool
+echo "Trust store content is: "
+
+keytool -list -v -keystore "$truststore" -storepass ${storepassword} | grep Alias | cut -d " " -f3- | while read alias
+do
+ expiry=`keytool -list -v -keystore "$truststore" -storepass ${storepassword} -alias "${alias}" | grep Valid | perl -ne 'if(/until: (.*?)\n/) { print "$1\n"; }'`
+ echo " Certificate ${alias} expires in '$expiry'"
+done
\ No newline at end of file
diff --git a/aoe-data-analytics/service-etl-processor/src/main/java/fi/csc/processor/producer/JksFileChecker.java b/aoe-data-analytics/service-etl-processor/src/main/java/fi/csc/processor/producer/JksFileChecker.java
index a100502e..8b38930f 100644
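Review bot: The new download line `curl -sS "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" > ${mydir}/global-bundle.pem` has no `--fail` and its status is not checked, so an HTTP error body or a truncated response is written to the bundle file with exit status 0, and the awk split on the following line then yields no (or non-PEM) `rds-ca-*` files; no `set -e` is visible in this hunk. Because this file seeds the RDS trust store, a silent failure here means the service later runs with an empty or wrong truststore instead of failing at build time. Suggest `curl -fsS "https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" -o "${mydir}/global-bundle.pem" || exit 1`, and optionally a guard that at least one `rds-ca-*` file exists before the loop. The `for CERT in rds-ca-*; do` loop continues outside the hunk.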
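Review bot: Both new keytool invocations pass the trust-store secret as `-storepass ${storepassword}`, which exposes the value of `TRUST_STORE_PASSWORD` in the process list to every user on the host for the duration of each call, and the unquoted expansion breaks if the password contains whitespace. keytool accepts `-storepass:env VARNAME` (and `-storepass:file`), which keeps the secret off argv; replace `-storepass ${storepassword}` with `-storepass:env TRUST_STORE_PASSWORD` on both lines (the variable must be exported, which it presumably is since the script reads it from the environment). If the import step above this hunk uses `-storepass` the same way, it has the same exposure. While here, `while read alias` should be `while IFS= read -r alias`, and the backtick substitution around the second keytool call should be `$(…)`; the per-alias second listing could also be dropped by reading the `Valid from … until:` line from the first listing, but that is optional.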
--- a/aoe-data-analytics/service-etl-processor/src/main/java/fi/csc/processor/producer/JksFileChecker.java
+++ b/aoe-data-analytics/service-etl-processor/src/main/java/fi/csc/processor/producer/JksFileChecker.java
@@ -3,6 +3,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.CommandLineRunner;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import java.io.FileInputStream;
@@ -10,6 +11,7 @@
 import java.util.Enumeration;
 @Component
+@Order(1)
 public class JksFileChecker implements CommandLineRunner {
 private static final Logger LOG = LoggerFactory.getLogger(JksFileChecker.class.getSimpleName());
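Review bot: `@Order(1)` is added to `JksFileChecker` without a comment saying why this runner must go first, so the next reader cannot tell which other `CommandLineRunner` relies on the keystore check having completed; add a line such as `// Runs before the other CommandLineRunners so the RDS trust store is verified before any client that needs it starts` above the annotation, naming the actual dependent runner if there is one. Note that `CommandLineRunner`s execute after the application context has been refreshed, so `@Order` only sequences this check against other runners, not against bean initialisation; if the intent is to fail startup on a missing or unreadable keystore, that should be stated as well. The class body continues outside the hunk.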