IMPORTANT: This information is part of a limited availability release. Portions of this API may be subject to changes and improvements over time. Fields marked deprecated may be removed in the future and their use is discouraged. For more information, see our product and feature lifecycle descriptions.
The Platform TLS Certificate Deployment Service is available to subscribers who have purchased the service.
Limitations and conditions
The Platform TLS Certificate Deployment Service has the following general limitations:
- This service is not available for private CDN deployments.
- To take advantage of this service, you must procure your own certificates from the certification authority (CA) of your choice. Fastly will not procure certificates on your behalf.
In addition, certificates are deployed using the Platform TLS Certificate Service with the following conditions:
- Certificates hosted using SNI will only be served to browsers that support SNI. Browsers that do not support SNI will not receive the correct certificate for the domain requested.
- The certificate deployment process takes an average of approximately 20 minutes to complete once a certificate is submitted, but may take as long as an hour.
- Fastly will automatically choose the certificate delivered for a given request based on the host requested.
- The certificate with the most specific hostname will be prioritized over certificates with less specific hostnames. For example, on a request for
api.example.com, Fastly will prioritize a certificate with a SAN entry for
api.example.comover a different certificate with a SAN entry for
- If an identical hostname appears on more than one certificate, then the most recently uploaded certificate will be used. We recommend that you manage certificates such that hostnames remain unique for them.