Cloud WAF certificate management
Last updated 2022-12-05
Before uploading your TLS/SSL certificate, ensure that your private key is not password protected and your certificate information is PEM formatted. Any number of certificates can be uploaded, but no more than 48 unique certificates can be applied to a single Cloud WAF instance.
To view a summary of all TLS certificates protecting your site with Cloud WAF:
- Log in to the Next-Gen WAF console.
- From the Sites menu, select a site if you have more than one site.
- From the Corp Manage menu, select Cloud WAF Certificates. The Certificates page for your site's Cloud WAF appears displaying a summary table that lists the name, domains, status, and expiration details for all certificates at your site.
To view more specific details about a particular TLS certificate, follow the steps above and then click View at the right of a specific site in the summary table.
If TLS connections terminate at the Edge before requests are sent to Cloud WAF, then uploading a TLS certificate is optional. Always upload and use certificates if traffic is direct to the Cloud WAF using HTTPS.
To add a certificate, upload it by following the steps below:
- On the Certificates page, click Add certificate. A page where you can add certificate details appears.
- Fill out the certificate details as follows:
- In the Name field, enter a meaningful name that can help you manage the certificate and distinguish it from any others that may exist.
- In the Certificate body field, enter the body of the unencrypted, PEM-formatted server certificate provided by your certification authority. RSA 2048 and 4096 certificates can be used.
- In the Certificate chain field, enter the certificate chain, which is also known as the intermediate certificate. The certificate chain is not required for self-signed certificates.
- In the Private key field, enter your certificate's private key.
- Click Upload certificate. The newly uploaded certificate appears on the Certificates page in the summary table.
After uploading your certificate, be sure to create a Cloud WAF instance to protect your origin. Keep in mind that, for requests coming from Fastly’s Edge, you can use a Fastly-managed TLS certificate instead when you create a Cloud WAF instance. In this case, uploading a TLS certificate is optional.
Certificates that aren't in use can be deleted as long as your Cloud WAF is not actively being provisioned.
- On the Certificates page, click View to the far right of the certificate. The view certificate page appears.
- Click Remove certificate in the upper-right corner of the page.