which type of certificate product is used for Cloudflare Pages

Hello, I have a question regarding the SSL/TLS certificates used by Cloudflare Pages. With the upcoming changes to Let's Encrypt's certificate chain, I am trying to understand which type of certificate product is used for Cloudflare Pages. Can you confirm whether it uses Universal SSL, Advanced Certificate, SSL for SaaS, or Custom Certificates? I'm particularly interested in knowing this because of the following article, which suggests that no action is needed if Universal SSL is used. https://blog.cloudflare.com/shortening-lets-encrypt-change-of-trust-no-impact-to-cloudflare-customers Thank you!
The Cloudflare Blog
How we ensure Cloudflare customers aren't affected by Let's Encrypt...
Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA
4 Replies
Chaika
Chaika8mo ago
CF Pages uses a Universal for the pagesproject.pages.dev and SSL for SaaS/CF for SaaS for custom domains, although iirc it forcefully sets the CA
GO
GOOP8mo ago
Thank you for the information! I'm using a custom domain and believe it might be set up with SSL for SaaS/CF for SaaS. According to the documentation, ">With SSL for SaaS, customers have two options: using a default CA, meaning Cloudflare will choose the issuing authority, or specifying which CA to use." Could you please help me determine which option is being used for my domain? I've searched through the official documents and the console but couldn't find this detail.
Chaika
Chaika8mo ago
I believe Pages specifies a specific CA to use for each (GTS or LE, don't think they ever used Digicert) Keeping in mind the LE deprecation only effects devices older then 2016/a small subset of devices, not sure if the Pages team plans to stop using LE or not
GO
GOOP8mo ago
Thanks you! According to the doc, "90 days or one certificate lifecycle before the change, we are going to start shifting Let’s Encrypt certificates to use a different certificate authority. We’ll make this change for all products where Cloudflare is responsible for the CA selection, meaning this will be automatically done for customers using Universal SSL and SSL for SaaS with the 'default CA' choice." So, it seems like Cloudflare might automatically handle the transition.
Want results from more Discord servers?
Add your server