[SSL, SaaS] Explain cloudflare_branding for hostnames over 64 characters (#18097)

RebeccaTamachiro · web-flow · commit 2804f5fe6ff2 · 2024-11-11T16:39:29.000Z
* Add references to cloudflare_branding within SSL/TLS tile

* Add explanation to CH docs and improve RFC links consistency
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames.mdx
@@ -28,3 +28,18 @@ To create a custom hostname:
 </TabItem> </Tabs>
 
 <Render file="issue-certs-preamble" />
+
+
+## Hostnames over 64 characters
+
+The Common Name (CN) restriction establishes a limit of 64 characters ([RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)). If you have a hostname that exceeds this length, you can set `cloudflare_branding` to `true` when creating your custom hostnames [via API](/api/operations/custom-hostname-for-a-zone-create-custom-hostname).
+
+```txt
+
+"ssl": {
+    "cloudflare_branding": true
+  }
+
+```
+
+Cloudflare branding means that `sni.cloudflaressl.com` will be added as the certificate Common Name (CN) and the long hostname will be included as a part of the Subject Alternative Name (SAN).
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx
@@ -110,3 +110,15 @@ Refer to the [full migration guide](/ssl/reference/migration-guides/lets-encrypt
 
 The [zone hold feature](/fundamentals/setup/account/account-security/zone-holds/) is a toggle that will prevent their zone from being activated on other Cloudflare account.
 When the option `Also prevent subdomains` is enabled, this prevents the verification of custom hostnames for this domain. The custom hostname will remain in the `Blocked` status, with the following error message: `The hostname is associated with a held zone. Please contact the owner of this domain to have the hold removed.` In this case, the owner of the zone needs to [release the hold](/fundamentals/setup/account/account-security/zone-holds/#release-zone-holds) before the custom hostname can become activated.
+
+## Hostnames over 64 characters
+
+The Common Name (CN) restriction establishes a limit of 64 characters ([RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)). If you have a hostname that exceeds this length, you may find the following error:
+
+```txt
+Since no host is 64 characters or fewer, Cloudflare Branding is required. Please check your input and try again. (1469)
+```
+
+To solve this, you can set `cloudflare_branding` to `true` when [creating your custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/create-custom-hostnames/#hostnames-over-64-characters) via API.
+
+Cloudflare branding means that `sni.cloudflaressl.com` will be added as the certificate Common Name (CN) and the long hostname will be included as a part of the Subject Alternative Name (SAN).
diff --git a/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx b/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
@@ -25,16 +25,19 @@ To create a new advanced certificate in the dashboard:
 3. Select **Order Advanced Certificate**.
 4. If Cloudflare does not have your billing information, you will need to enter that information.
 5. Enter the following information:
-   - Certificate Authority
-   - Certificate Hostnames
+   - Certificate authority
+   - Certificate hostnames
+	   - For hostnames longer than 64 characters, use the API.
    - Validation method
-   - Certificate Validity Period
+   - Certificate validity period
 6. Select **Save**.
 
 </TabItem> <TabItem label="API">
 
 To create a new certificate using the API, send a [POST request](/api/operations/certificate-packs-order-advanced-certificate-manager-certificate-pack) to the Cloudflare API.
 
+If you need certificates for hostnames longer than 64 characters ([RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)), set the `cloudflare_branding` option to `true`. This will add `sni.cloudflaressl.com` in the Common Name (CN) field and will include the long hostname as a part of the Subject Alternative Name (SAN).
+
 </TabItem> </Tabs>
 
 :::caution
diff --git a/src/content/partials/ssl/total-tls-character-limitation.mdx b/src/content/partials/ssl/total-tls-character-limitation.mdx
@@ -3,4 +3,4 @@
 
 ---
 
-Total TLS certificates follow the [Common Name (CN) restriction](https://www.rfc-editor.org/rfc/rfc5280.html) of 64 characters. If you have a hostname that exceeds this length, you can manually create an [Advanced Certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate) to cover it.
+Total TLS certificates follow the Common Name (CN) restriction of 64 characters ([RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)). If you have a hostname that exceeds this length, you can create an [Advanced Certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate) via API to cover it.

Original file line number	Diff line number	Diff line change
`@@ -3,4 +3,4 @@`
`3`	`3`
`4`	`4`	`---`
`5`	`5`
`6`		`-Total TLS certificates follow the [Common Name (CN) restriction](https://www.rfc-editor.org/rfc/rfc5280.html) of 64 characters. If you have a hostname that exceeds this length, you can manually create an [Advanced Certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate) to cover it.`
	`6`	`+Total TLS certificates follow the Common Name (CN) restriction of 64 characters ([RFC 5280](https://www.rfc-editor.org/rfc/rfc5280.html)). If you have a hostname that exceeds this length, you can create an [Advanced Certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate) via API to cover it.`