CD
Cloudflare Developers4mo ago
GO

which type of certificate product is used for Cloudflare Pages

Hello, I have a question regarding the SSL/TLS certificates used by Cloudflare Pages. With the upcoming changes to Let's Encrypt's certificate chain, I am trying to understand which type of certificate product is used for Cloudflare Pages. Can you confirm whether it uses Universal SSL, Advanced Certificate, SSL for SaaS, or Custom Certificates? I'm particularly interested in knowing this because of the following article, which suggests that no action is needed if Universal SSL is used. https://blog.cloudflare.com/shortening-lets-encrypt-change-of-trust-no-impact-to-cloudflare-customers Thank you!
The Cloudflare Blog
How we ensure Cloudflare customers aren't affected by Let's Encrypt...
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA
4 Replies
Chaika
Chaika4mo ago
CF Pages uses a Universal for the pagesproject.pages.dev and SSL for SaaS/CF for SaaS for custom domains, although iirc it forcefully sets the CA
GO
GO4mo ago
Thank you for the information! I'm using a custom domain and believe it might be set up with SSL for SaaS/CF for SaaS. According to the documentation, ">With SSL for SaaS, customers have two options: using a default CA, meaning Cloudflare will choose the issuing authority, or specifying which CA to use." Could you please help me determine which option is being used for my domain? I've searched through the official documents and the console but couldn't find this detail.
Chaika
Chaika4mo ago
I believe Pages specifies a specific CA to use for each (GTS or LE, don't think they ever used Digicert) Keeping in mind the LE deprecation only effects devices older then 2016/a small subset of devices, not sure if the Pages team plans to stop using LE or not
GO
GO4mo ago
Thanks you! According to the doc, "90 days or one certificate lifecycle before the change, we are going to start shifting Let’s Encrypt certificates to use a different certificate authority. We’ll make this change for all products where Cloudflare is responsible for the CA selection, meaning this will be automatically done for customers using Universal SSL and SSL for SaaS with the 'default CA' choice." So, it seems like Cloudflare might automatically handle the transition.
Want results from more Discord servers?
Add your server
More Posts
Hi, how can i set custom headers whenHi, how can i set custom headers when downloading a file via presigned url? I tried setting it likAttachments with MailchannelsHello everyone, Is it possible to send emails with attachments using the mailchannels plugin? Or hasAttachments with MailchannelsHello everyone, Is it possible to send emails with attachments using the mailchannels plugin? Or hasDeployment fails without any information (Nuxt 3)Account ID: 1cd594a2551974128ba6e91b0509eef4 Deployment ID (I think?): 1b136818-bb86-4ada-ad89-0e872Weird HTTP traffic passing through [HTTP 499 with random referers]We've been experiencing weird attacks coming through CF. The requests are HTTP/2.0 with no CF-Connecdoes the billing page show everything you can be charged for?just want to confirm that there's no hidden page im missing and that the "Billable usage" page showsWrangler Dev ErrorHello, I'm trying to run wrangler on my workers project and getting the following error stack trace.Worker path matching and query params conundrumI'm seeing a lot of issues related to this and no real solution. The problem is very simple and comhow to get the worker duration in a tail workerwould it be possible to have `TailItems` include the start/end timestamp for the worker? (or did i mCan't deploy a nextjs pages site in subdirectoryI want to make a repo with many subpackages as templates. so trying to make sure this next site work