Question around cross-signed CA certificates

Is anyone able to advise on how we confirm what changes we need to enforce following the announcement: Cloudflare will stop issuing certificates from the cross-signed CA chain on May 15th, 2024.

The article lists recommended steps, but I just need a bit more help within the Cloudflare Dashboard itself really.

Any help is appreciated!

In short, no changes are needed unless…

  • Your Cloudflare edge certificate is issued by LetsEncrypt (although it could change to LetsEncrypt later)
    and
  • You have a lot of users using old devices (most likely, Android 7.1.1 or earlier).

If the last case is true and you must supoprt those users, you can use Cloudflare’s Advanced Certificate manager to select an alternate CA to LetsEncrypt.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.