[ZT] Certificate limits (#17929)

cloudflare · Nov 1, 2024 · 844332a · 844332a
1 parent 7c75b51
commit 844332a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/src/content/docs/cloudflare-one/account-limits.mdx b/src/content/docs/cloudflare-one/account-limits.mdx
@@ -68,6 +68,14 @@ This page lists the default account limits for rules, applications, fields, and
 | ----------------- | ----- |
 | Tests per account | 10    |
 
+## Certificates
+
+| Feature                        | Limit |
+| ------------------------------ | ----- |
+| Active certificates            | 25    |
+| Certificates generated per day | 3     |
+| Custom certificates            | 5     |
+
 ## Maximum number of characters
 
 | Feature                | Character limit |

diff --git a/.../connections/connect-devices/warp/user-side-certificates/custom-certificate.mdx b/.../connections/connect-devices/warp/user-side-certificates/custom-certificate.mdx
@@ -18,6 +18,8 @@ Only available on Enterprise plans.
 
 Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/policies/gateway/block-page/).
 
+You can upload up to five custom root certificates. If your organization requires more than five certificates, contact your account team.
+
 :::caution
 Custom certificates are limited to use between your users and the Gateway proxy. Connections between Gateway and the origin server will use a Cloudflare certificate.
 :::

diff --git a/...loudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx b/...loudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx
@@ -42,7 +42,7 @@ Each Zero Trust account can generate a new root certificate a maximum of three t
 Zero Trust accounts using the Cloudflare certificate prior to September 2024 will need to redeploy and activate the newly generated certificate. Zero Trust accounts created during or after September 2024 will use an active certificate by default.
 :::
 
-Once a certificate is generated in or uploaded to Zero Trust, you need to activate it. Activating a certificate deploys it across the Cloudflare network.
+Once a certificate is generated in or uploaded to Zero Trust, you need to activate it. Activating a certificate deploys it across the Cloudflare network. You can have up to 25 active certificates at once.
 
 To activate your root certificate: