Updated to reflect RSA and ECDSA cert bundling on custom hostnames

mia303 · mia303 · commit 7e2a0e6f1be6 · 2025-02-05T16:10:36.000-05:00
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/index.mdx
@@ -28,6 +28,4 @@ Cloudflare also only accepts publicly trusted certificates of these types:
 * `SHA1WithRSA`
 * `ECDSAWithSHA256`
 
-You can only use one of the different supported types. For example, you cannot upload an `SHA256WithRSA` + `ECDSAWithSHA256` certificate.
-
 If you attempt to upload another type of certificate or a certificate that has been self-signed, it will be rejected.
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/custom-certificates/uploading-certificates.mdx
@@ -28,7 +28,7 @@ For more details on bundle method, refer to [Bundle Methodologies](/ssl/edge-cer
 
 ### With the API
 
-The call below will upload a certificate for use with `app.example.com`.
+### The call below will upload a certificate for use with `app.example.com`.
 
 Note that if you are using an ECC key generated by OpenSSL, you will need to first remove the `-----BEGIN EC PARAMETERS-----...-----END EC PARAMETERS-----` section of the file.
 
@@ -58,6 +58,18 @@ Use a [POST request](/api/resources/custom_hostnames/methods/create/) to upload
 
 The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer.
 
+## Certificate bundling
+
+Use a [PATCH request](/api/resources/custom_hostnames/methods/edit/) to upload an RSA and/or ECDSA certificate to a custom hostname.
+
+### Delete a custom certificate and custom key for custom hostname
+
+Use a [DELETE request](/api/resources/custom_hostnames/subresources/certificate_pack/) to remove one custom certificate and key from a custom hostname. You cannot delete a certificate if it is the only remaining certificate in the pack.
+
+### Replace a custom certificate and custom key in custom hostname
+
+Use a [PUT request](/api/resources/custom_hostnames/subresources/certificate_pack/subresources/certificates/methods/update/) to replace a single custom certificate within a certificate pack within a certificate pack that contains two bundled certificates. You can only replace an RSA certificate with another RSA certificate or an ECDSA certificate with another ECDSA certificate.
+
 ***
 
 ## Move to a Cloudflare certificate
