Cloud WAF certificate management

  Last updated 2022-12-05

IMPORTANT

This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.

Before you begin

Before uploading your TLS/SSL certificate, ensure that your private key is not password protected and your certificate information is PEM formatted. Any number of certificates can be uploaded, but no more than 48 unique certificates can be applied to a single Cloud WAF instance.

Viewing certificates and their details

To view a summary of all TLS certificates protecting your site (also known as workspace) with Cloud WAF:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Corp Manage menu, select Cloud WAF Certificates. The Certificates page for your site's Cloud WAF appears displaying a summary table that lists the name, domains, status, and expiration details for all certificates at your site.
  3. (Optional) Click View at the right of a specific site in the summary table to view additional details for a particular TLS certificate.

Adding certificates

NOTE

If TLS connections terminate at the Edge before requests are sent to Cloud WAF, then uploading a TLS certificate is optional. Always upload and use certificates if traffic is direct to the Cloud WAF using HTTPS.

To add a certificate, upload it by following the steps below:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Corp Manage menu, select Cloud WAF Certificates.
  3. Click Add certificate. A page where you can add certificate details appears.
  4. Fill out the certificate details as follows:
    • In the Name field, enter a meaningful name that can help you manage the certificate and distinguish it from any others that may exist.
    • In the Certificate body field, enter the body of the unencrypted, PEM-formatted server certificate provided by your certification authority. RSA 2048 and 4096 certificates can be used.
    • In the Certificate chain field, enter the certificate chain, which is also known as the intermediate certificate. The certificate chain is not required for self-signed certificates.
    • In the Private key field, enter your certificate's private key.
  5. Click Upload certificate. The newly uploaded certificate appears on the Certificates page in the summary table.

After uploading your certificate, be sure to create a Cloud WAF instance to protect your origin. Keep in mind that, for requests coming from Fastly’s Edge, you can use a Fastly-managed TLS certificate instead when you create a Cloud WAF instance. In this case, uploading a TLS certificate is optional.

Deleting a certificate

Certificates that aren't in use can be deleted as long as your Cloud WAF is not actively being provisioned.

  1. Log in to the Next-Gen WAF control panel.
  2. From the Corp Manage menu, select Cloud WAF Certificates.
  3. Click View to the right of the certificate that you want to delete. The view certificate page appears.
  4. Click Remove certificate in the upper-right corner of the page.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2025