On this page
Secure sites simplified
Certainly is Fastly’s publicly-trusted Transport Layer Security (TLS) Certification Authority (CA), giving Fastly customers the option of using certificates issued by Certainly to secure any website or API endpoint served by Fastly (CDN and Compute@Edge). Certainly certificates offer a high level of trust and reliability, and are fully supported by Fastly.
Certificates are hard to manage, requiring resources to dedicate time in maintaining and monitoring the certificate lifecycle. Errors in this lifecycle can cause service downtime. With Certainly, you can rest easy knowing Fastly is taking care of all of your certificate management needs.
Tighter security and reduced risk
Certainly certificates have a 30-day validity period – the shortest with no extra charge. Shorter validity periods coupled with automation achieve a higher level of security by reducing the time in which a compromised certificate is usable. Certainly is not available on the public internet which provides even more protection for your certificates.
Simplified certificate management
Reduce the pain of managing certificates and renewals, even for hundreds of thousands of domains. Fastly customers have a dedicated, publicly trusted, certification authority to quickly and easily issue all of their certificate needs.
More reliable, better support
Fastly service reliability standards and network back our CA. Put trust in Fastly’s distributed, speedy global delivery network for TLS certificates. Removing the dependency on third-party providers means Fastly is in control of resolving any issues, supported from provisioning to renewing.
Our TLS Offerings
Frictionless setup and management for foundational encryption needs, including:
Management via UI and API
Managed certificates from your choice of:
Our Certification Authority (Certainly)
A non-profit CA
Unmanaged certificates (bring your own)
Our Enterprise support add-on for addressing more complex requirements, including:
Dedicated concierge support email address
TLS configuration review and optimization
Support for custom cipher suites outside our defaults (requires dedicated IP*)
Fallback certificate management and provisioning
Legacy TLS (1.0 and 1.1) support (requires dedicated IP*)
Advanced service pinning configuration (requires dedicated IP*)
Platform TLS is designed for organizations that want to maintain control of the certificate lifecycle, need to use a specific CA, or have regulatory requirements that require use of a specific CA. It includes an API for setup and can support a high-volume of domains. Platform TLS supports Domain Validated(DV), Organization Validated (OV), and Extended Validation (EV) certificates.
Meet a more powerful global network.
Our network is all about greater efficiency. With our strategically placed points of presence (POPs), you can scale on-demand and deliver seamlessly during major events and traffic spikes. Get the peace of mind that comes with truly reliable performance — wherever users may be browsing, watching, shopping, or doing business.
Edge network capacity1
Mean purge time2
Daily requests served4
~90% of customers
Run Next-Gen WAF in blocking mode3
As of June 30, 2023
As of December 31, 2019
As of March 31, 2021
As of January 1, 2022