From f0bdb132ae5f7a7477cf9218f090680b987fc56e Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Wed, 22 Oct 2025 16:09:51 +0100 Subject: [PATCH 1/2] [SSL] Add note on intermediate selection for bundling Clarify selection of intermediates for certificate bundling methods. CUSTESC-56462 --- .../custom-certificates/bundling-methodologies.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx b/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx index 653b2dac0ac4ca..4af0b92454bfe1 100644 --- a/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx +++ b/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx @@ -16,6 +16,8 @@ Cloudflare maintains intermediate and root certificates used for bundling on a [ Expiration values for these certificates may appear in the `expires_on` field when you use the [Analyze Certificate endpoint](/api/resources/ssl/subresources/analyze/methods/create/) - often when the methodology you specify is [Compatible](#compatible). However, these expiration values reflect intermediate and root certificates - which are handled by Cloudflare -, not the leaf certificate you would have previously uploaded to Cloudflare. +Please note that a selection might be done on the intermediates provided at upload time when using `Compatible` or `Modern`: it's not guaranteed all of them will make it the final chain. You'll need to use `User-defined` to ensure the chain you've uploaded is the one used. + ## Methodologies ### Compatible From 7ea2bd64bd1d676c2a6c3817c85599557577e5b7 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 27 Oct 2025 14:33:11 +0000 Subject: [PATCH 2/2] Text review and move into note --- .../custom-certificates/bundling-methodologies.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx b/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx index 4af0b92454bfe1..e5bd1e27fc0021 100644 --- a/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx +++ b/src/content/docs/ssl/edge-certificates/custom-certificates/bundling-methodologies.mdx @@ -16,7 +16,9 @@ Cloudflare maintains intermediate and root certificates used for bundling on a [ Expiration values for these certificates may appear in the `expires_on` field when you use the [Analyze Certificate endpoint](/api/resources/ssl/subresources/analyze/methods/create/) - often when the methodology you specify is [Compatible](#compatible). However, these expiration values reflect intermediate and root certificates - which are handled by Cloudflare -, not the leaf certificate you would have previously uploaded to Cloudflare. -Please note that a selection might be done on the intermediates provided at upload time when using `Compatible` or `Modern`: it's not guaranteed all of them will make it the final chain. You'll need to use `User-defined` to ensure the chain you've uploaded is the one used. +:::note +When using `compatible` or `modern`, a selection might be done on the intermediates you provide at upload time, meaning it is not guaranteed all of them will make it to the final chain. If you must ensure the chain you upload is the one used, select `user-defined`. +::: ## Methodologies