Bulk Redirects and SSL Certs
How do SSL certs work in regards to Bulk Redirects? If a domain isn't in the primary uploaded cert in an account, will it use the next available cert that would have it's domain in the cert?
For example, I have a domain with
domain.com and it has several wildcard SAN's on a cert but it doesn't match in that uploaded cert. I also have several advanced certs with various SAN's on each cert.
Will the bulk redirect request match on one of the advanced certs if it's not available in the primary custom uploaded certs. Thank you. 🙂5 Replies
Bulk Redirects are nothing special, they go through the normal cdn, and the normal cdn has a certificate priority flow: https://developers.cloudflare.com/ssl/reference/certificate-and-hostname-priority/
Cloudflare Docs
Certificate and hostname priority | Cloudflare SSL/TLS docs
Learn about how Cloudflare decides which certificate (and the associated SSL/TLS settings) apply to individual hostnames.
Will the bulk redirect request match on one of the advanced certs if it's not available in the primary custom uploaded certs. Thank you. 🙂Yes It will use the most specific certificate for the requested hostname which matches, then there's the other order conditions as described in the doc as well, but eitherway it'll serve a valid cert
Ok, I haven't tested it yet to see how fast it is compared to using the default cert. I'm guessing it would be negligible.
Thank you by the way.
There's no speed difference lol, a cert is a cert. There's not really a default or anything like that, only ones of different levels
I mean excluding the minor differences in maybe a couple hundred bytes of chain differences/more SANs/etc between different certs
Yeah, I saw the order of precedence. It wouldn't even be noticeable at all.
Appreciate it.