cloudflare · maxvp · Oct 21, 2024 · Oct 18, 2024 · Oct 18, 2024 · Oct 18, 2024
@@ -1,22 +1,24 @@
 ---
-pcx_content_type: navigation
+pcx_content_type: get-started
 title: User-side certificates
 sidebar:
   order: 4
+banner:
+  content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-17-10, you must <a href="#generate-a-cloudflare-root-certificate">generate a new certificate</a> and activate it for your Zero Trust organization to avoid inspection errors.
 ---
 
 Advanced security features such as [HTTPS traffic inspection](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/), [anti-virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/), and [Browser Isolation](/cloudflare-one/policies/browser-isolation/) require users to install and trust a root certificate on their device. You can either install the certificate provided by Cloudflare (default option), or generate your own custom certificate and upload it to Cloudflare.
 
 Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) for each Zero Trust account and deploys its across the Cloudflare global network. Alternatively, Enterprise users can upload and deploy their own [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/).
 
-Once you deploy your certificate across Cloudflare and turn it on, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/) or [manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/).
+Zero Trust will indicate if a certificate is ready for use in inspection based on its deployment status:
 
-| Deployment status | Description                                                                                    |
-| ----------------- | ---------------------------------------------------------------------------------------------- |
-| Inactive          | The certificate has been uploaded to Cloudflare but is not deployed across the global network. |
-| Pending           | The certificate is being activated or deactivated for use.                                     |
-| Active            | The certificate is deployed across the Cloudflare global network and ready to be turned on.    |
-| Active and In-Use | The certificate is turned on. Gateway will use the certificate for inspection.                 |
+| Deployment status | Description                                                                                                    |
+| ----------------- | -------------------------------------------------------------------------------------------------------------- |
+| Inactive          | The certificate has been generated by or uploaded to Cloudflare but is not deployed across the global network. |
+| Pending           | The certificate is being activated or deactivated for use.                                                     |
+| Active            | The certificate is deployed across the Cloudflare global network and ready to be turned on.                    |
+| Active and In-Use | The certificate is turned on. Gateway will use the certificate for inspection.                                 |
 
 ## Generate a Cloudflare root certificate
 
@@ -57,3 +59,5 @@ The status of the certificate will change to **Pending** while it deploys. Once
 4. In **Basic information**, select **Confirm and turn on certificate**.
 
 Only one certificate can be turned on for inspection at a time. Setting a certificate as **In-Use** will set any other turned on certificates as **Active** and prevent them from being used for inspection until turned on again.
+
+Once you deploy your certificate across Cloudflare and turn it on, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/) or [manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/).