Clarify Keyless key server auto-generates its certificate#31821
Clarify Keyless key server auto-generates its certificate#31821baubuchon-cf wants to merge 1 commit into
Conversation
Adds a note to the Activate step: on first start (with hostname, Zone ID, and Origin CA API key set), gokeyless generates its key + CSR and gets the certificate signed automatically — no manual cert creation needed. Addresses T257 / customer feedback.
Review✅ No issues found in commit Code ReviewThis code review is in beta and may not always be helpful — use your judgment. No code review issues found. ConventionsChecks PR title, description, and redirect checklist. No convention issues found. Style Guide ReviewNo style-guide issues found. RedirectsNo missing redirect entries found. CommandsOnly codeowners can run commands. Post a comment with the command to trigger it.
|
|
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
|
|
|
||
| :::note | ||
|
|
||
| The first time the key server starts with the hostname, Zone ID, and Origin CA API key set, it automatically generates its own private key and certificate signing request (CSR), submits the CSR to Cloudflare, and saves the signed authentication certificate it presents for mutual TLS. You do not need to create this certificate manually. If those three values are not set, the key server will not start and asks you to set them — or to run it with `--config-only` or `--manual-activation` to generate the key and CSR interactively. |
There was a problem hiding this comment.
Fix tense consistency:
| The first time the key server starts with the hostname, Zone ID, and Origin CA API key set, it automatically generates its own private key and certificate signing request (CSR), submits the CSR to Cloudflare, and saves the signed authentication certificate it presents for mutual TLS. You do not need to create this certificate manually. If those three values are not set, the key server will not start and asks you to set them — or to run it with `--config-only` or `--manual-activation` to generate the key and CSR interactively. | |
| The first time the key server starts with the hostname, Zone ID, and Origin CA API key set, it automatically generates its own private key and certificate signing request (CSR), submits the CSR to Cloudflare, and saves the signed authentication certificate it presents for mutual TLS. You do not need to create this certificate manually. If those three values are not set, the key server will not start and will ask you to set them — or to run it with `--config-only` or `--manual-activation` to generate the key and CSR interactively. |
|
Reviewed PR #31821. Summary: This PR adds a helpful clarification to the Keyless SSL key server setup partial ( Labels applied: Issues flagged:
No build-breaking MDX issues, frontmatter problems, or incorrect links were found. The addition uses the correct admonition syntax ( |
|
Preview URL: https://e9bb2d9a.preview.developers.cloudflare.com |
Adds a note to the Activate step: on first start (with hostname, Zone ID, and Origin CA API key set), gokeyless generates its key + CSR and gets the certificate signed automatically — no manual cert creation needed. Addresses T257 / customer feedback.
Summary
Screenshots (optional)
Documentation checklist