From 11bbec75279a605c719e3c85735f0f49faec9605 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 18 Oct 2024 16:00:15 -0500 Subject: [PATCH 1/3] Add banner --- .../connect-devices/warp/user-side-certificates/index.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx index 1aa4c50546a1efc..deb1ed26c06ce95 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx @@ -3,14 +3,14 @@ pcx_content_type: navigation title: User-side certificates sidebar: order: 4 +banner: + content: The global Cloudflare root certificate will expire on 2025-02-02. If you installed the Cloudflare certificate before 2024-17-10, generate a new certificate for your Zero Trust organization. --- Advanced security features such as [HTTPS traffic inspection](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/), [anti-virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/), and [Browser Isolation](/cloudflare-one/policies/browser-isolation/) require users to install and trust a root certificate on their device. You can either install the certificate provided by Cloudflare (default option), or generate your own custom certificate and upload it to Cloudflare. Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) for each Zero Trust account and deploys its across the Cloudflare global network. Alternatively, Enterprise users can upload and deploy their own [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/). -Once you deploy your certificate across Cloudflare and turn it on, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/) or [manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/). - | Deployment status | Description | | ----------------- | ---------------------------------------------------------------------------------------------- | | Inactive | The certificate has been uploaded to Cloudflare but is not deployed across the global network. | @@ -57,3 +57,5 @@ The status of the certificate will change to **Pending** while it deploys. Once 4. In **Basic information**, select **Confirm and turn on certificate**. Only one certificate can be turned on for inspection at a time. Setting a certificate as **In-Use** will set any other turned on certificates as **Active** and prevent them from being used for inspection until turned on again. + +Once you deploy your certificate across Cloudflare and turn it on, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/) or [manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/). From 1392c370ddab38ba58bebc41e12121ec4b7f238a Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 18 Oct 2024 16:00:27 -0500 Subject: [PATCH 2/3] Change content type --- .../connect-devices/warp/user-side-certificates/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx index deb1ed26c06ce95..210cdc805787953 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx @@ -1,5 +1,5 @@ --- -pcx_content_type: navigation +pcx_content_type: get-started title: User-side certificates sidebar: order: 4 From cc2c3d7fcac5a9fcc852beb5b5f10fc5df19e864 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 18 Oct 2024 16:19:42 -0500 Subject: [PATCH 3/3] Refine banner message --- .../warp/user-side-certificates/index.mdx | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx index 210cdc805787953..048ecb878397e09 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx @@ -4,19 +4,21 @@ title: User-side certificates sidebar: order: 4 banner: - content: The global Cloudflare root certificate will expire on 2025-02-02. If you installed the Cloudflare certificate before 2024-17-10, generate a new certificate for your Zero Trust organization. + content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-17-10, you must generate a new certificate and activate it for your Zero Trust organization to avoid inspection errors. --- Advanced security features such as [HTTPS traffic inspection](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/), [anti-virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/), and [Browser Isolation](/cloudflare-one/policies/browser-isolation/) require users to install and trust a root certificate on their device. You can either install the certificate provided by Cloudflare (default option), or generate your own custom certificate and upload it to Cloudflare. Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) for each Zero Trust account and deploys its across the Cloudflare global network. Alternatively, Enterprise users can upload and deploy their own [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/). -| Deployment status | Description | -| ----------------- | ---------------------------------------------------------------------------------------------- | -| Inactive | The certificate has been uploaded to Cloudflare but is not deployed across the global network. | -| Pending | The certificate is being activated or deactivated for use. | -| Active | The certificate is deployed across the Cloudflare global network and ready to be turned on. | -| Active and In-Use | The certificate is turned on. Gateway will use the certificate for inspection. | +Zero Trust will indicate if a certificate is ready for use in inspection based on its deployment status: + +| Deployment status | Description | +| ----------------- | -------------------------------------------------------------------------------------------------------------- | +| Inactive | The certificate has been generated by or uploaded to Cloudflare but is not deployed across the global network. | +| Pending | The certificate is being activated or deactivated for use. | +| Active | The certificate is deployed across the Cloudflare global network and ready to be turned on. | +| Active and In-Use | The certificate is turned on. Gateway will use the certificate for inspection. | ## Generate a Cloudflare root certificate