GatewayCertificate

Source: src/Cloudflare/Gateway/Certificate.ts

A Cloudflare Zero Trust Gateway certificate — a Cloudflare-generated CA used by Gateway to inspect TLS traffic (HTTPS filtering, antivirus scanning, browser isolation). The certificate body is generated by Cloudflare; you only choose the validity period and whether it is activated (deployed to the edge).

To make Gateway actually intercept with this certificate, reference its certificateId from the Gateway configuration’s certificate setting (see Cloudflare.GatewayConfiguration).

Activated certificate (default)

const cert = yield* Cloudflare.GatewayCertificate("InspectionCa", {});
// cert.bindingStatus === "available" once deployed to the edge

Short-lived, kept inactive

const cert = yield* Cloudflare.GatewayCertificate("StagedCa", {
  validityPeriodDays: 365, // validity period of the generated CA
  activate: false, // generated, but not deployed to the edge
});

Using the certificate for TLS interception

const cert = yield* Cloudflare.GatewayCertificate("InspectionCa", {});
yield* Cloudflare.GatewayConfiguration("Gateway", {
  settings: {
    tlsDecrypt: { enabled: true },
    // Reference the certificate Gateway should intercept with
    certificate: { id: cert.certificateId },
  },
});