From 019ce2438fd7e1e8cdf0af305d3a379cfe99d98b Mon Sep 17 00:00:00 2001
From: Max Phillips <mphillips@cloudflare.com>
Date: Thu, 17 Apr 2025 16:49:33 -0500
Subject: [PATCH 1/2] Update custom cert warning

---
 .../user-side-certificates/custom-certificate.mdx             | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
index 84993080cc76cb5..99d470f5335fc13 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
@@ -19,7 +19,9 @@ Enterprise customers who do not wish to install a [Cloudflare certificate](/clou
 You can upload up to five custom root certificates. If your organization requires more than five certificates, contact your account team.
 
 :::caution
-Custom certificates are limited to use between your users and the Gateway proxy. Connections between Gateway and the origin server will use a Cloudflare certificate.
+Custom certificates are limited to use between your users and the Gateway proxy. Gateway connects to origin servers using publicly trusted certificates, similar to how a browser validates secure websites.
+
+If your users need to connect to self-signed origin servers, set the [untrusted certificate action](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates) to _Pass through_ in an HTTP policy.
 :::
 
 ## Generate a custom root CA

From fa2450b3524b61905c9aef52bd22d2da53b88a99 Mon Sep 17 00:00:00 2001
From: Max Phillips <mphillips@cloudflare.com>
Date: Fri, 18 Apr 2025 13:14:04 -0400
Subject: [PATCH 2/2] Update
 src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx

---
 .../user-side-certificates/custom-certificate.mdx               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
index 99d470f5335fc13..c1a4a3afce8cf5d 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx
@@ -21,7 +21,7 @@ You can upload up to five custom root certificates. If your organization require
 :::caution
 Custom certificates are limited to use between your users and the Gateway proxy. Gateway connects to origin servers using publicly trusted certificates, similar to how a browser validates secure websites.
 
-If your users need to connect to self-signed origin servers, set the [untrusted certificate action](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates) to _Pass through_ in an HTTP policy.
+If your users need to connect to self-signed origin servers, create an HTTP Allow policy for the origin server with the [untrusted certificate action](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates) set to _Pass through_.
 :::
 
 ## Generate a custom root CA