Overview

Workers VPC now accepts Cloudflare Origin CA certificates when connecting to private services over HTTPS. This expands the certificate options previously limited to publicly trusted certificate authorities (CAs) such as Let's Encrypt and DigiCert.

What Changed

Previously, Workers VPC only validated certificates issued by public CAs. You can now use free Cloudflare Origin CA certificates on origin servers within private networks and connect to them securely from Workers VPC using the https scheme.

Use Cases & Benefits

• Cost-effective encryption: Leverage free Origin CA certificates instead of provisioning certificates from external public CAs
• Private network security: Encrypt tunnel-to-service traffic within your private network without public CA requirements
• Seamless integration: Use the standard https scheme with Origin CA certificates just as you would with other supported CA types

Action Items

To use this feature, configure your origin servers with Cloudflare Origin CA certificates and reference them when connecting from Workers VPC. Refer to the Supported TLS certificates documentation for configuration details.