[SSL] Add callout regarding SaaS in AOP docs (#17225)

* [SSL] Update zone-level.mdx PCX-13840 / CUSTESC-42471 * Update zone-level.mdx * Introduce AOP acronym and link out to custom hostnames docs --------- Co-authored-by: Rebecca Tamachiro <rtamachiro@cloudflare.com>
cloudflare · Oct 18, 2024 · c08469f · c08469f
1 parent 04fc3ec
commit c08469f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx
@@ -11,7 +11,7 @@ description: Authenticated Origin Pulls helps ensure requests to your origin
 
 import { FeatureTable } from "~/components"
 
-Authenticated Origin Pulls helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes.
+Authenticated Origin Pulls (AOP) helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes.
 
 This authentication becomes particularly important with the [Cloudflare Web Application Firewall (WAF)](/waf/). Together with the WAF, you can make sure that **all traffic** is evaluated before receiving a response from your origin server.
 

diff --git a/...t/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx b/...t/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx
@@ -11,12 +11,19 @@ head:
 
 import { AvailableNotifications, Render } from "~/components"
 
-When you enable Authenticated Origin Pulls for a zone, all proxied traffic to your zone is authenticated at the origin web server.
+When you enable Authenticated Origin Pulls (AOP) for a zone, all proxied traffic to your zone is authenticated at the origin web server.
 
 ## Before you begin
 
 Make sure your zone is using an [SSL/TLS encryption mode](/ssl/origin-configuration/ssl-modes/) of **Full** or higher.
 
+:::caution
+
+Zone-level AOP certificates are also applied to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/) configured on a Cloudflare for SaaS zone.
+If you need a different AOP certificate to apply to different custom hostnames, use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/).
+
+:::
+
 ## 1. Upload certificate to origin
 
 First, upload a certificate to your origin.