Chase
Cloudflare Developers
•Created by Mitya on 1/23/2025 in #general-help
Zero trust says my cert is expiring, and that it's in use. But by what?
Based on your initial message, you may not be using Zero Trust, so my guess is that those notices are showing because TLS decryption is turned on.
Hi! Gateway PM here and apologies for the confusion.
This certificate rotation is necessary for anyone who has:
a) TLS decryption turned on (check ZT Settings > Network > Scroll a bit)
OR
b) DNS policies with block pages enabled. (check ZT Gateway > Firewall Policies > DNS)
If you aren't using Gateway DNS or HTTP policies at all, this should not apply to you (and you can turn TLS decryption off). If you are enforcing DNS or HTTP policies, you need to download and install the new CA on your devices and then mark it as In-Use after that is complete.
Agree we could be smarter about some of the notifications, which we are working on improving for future iterations. It's somewhat hard to target customers based on their actual usage / deployment, so we went for a more conservative approach for all accounts based on the criteria above.