Last updated 2023-08-16
Certainly is Fastly's publicly-trusted certification authority (CA) that generates Transport Layer Security (TLS) certificates to provide trusted identification of secured websites. Certainly is only available for use with Fastly TLS.
TLS provides security and legitimacy to your website or application by serving traffic over HTTPS, something users expect to ensure their web activity is secure. For TLS to work, domains need to be validated and approved by a trusted CA that issues certificates to web servers, thus confirming ownership of a site. In turn, those certificates provide the credentials used by TLS and other security protocols that allow servers to prove their authenticity and to establish encrypted, private sessions with web clients without requiring a pre-existing relationship. Certainly is designed to help simplify, automate, and scale the management of TLS certificates on Fastly.
When using Fastly managed certificates in Fastly TLS, you can generate certificates with Certainly instead of a third-party certification authority. Certainly issues certificates that are valid for 30 days. Fastly will attempt to re-verify your domain and renew your certificate after 20 days as long as your DNS records point to Fastly and your Certification Authority Authorization (CAA), if in use, is set to Certainly. Having certificates re-verified and renewed in a shorter time period provides extra security by forcing the regular re-validation of ownership and rotation of the TLS certificates and asymmetric keys.
Customers using Fastly’s Platform TLS service are currently not able to use Certainly certificates with that product and must continue to manage their own certificates.