From 5a207701892c635e8eab56e7370447bdec0d3070 Mon Sep 17 00:00:00 2001 From: Pablo Date: Tue, 5 May 2026 19:18:30 +0200 Subject: [PATCH] Update Backend.mdx Documented the behavior to ignore backend certificate validation. --- documentation/docs/backend/Backend/Backend.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/documentation/docs/backend/Backend/Backend.mdx b/documentation/docs/backend/Backend/Backend.mdx index 3db45735ce..5b37ba886a 100644 --- a/documentation/docs/backend/Backend/Backend.mdx +++ b/documentation/docs/backend/Backend/Backend.mdx @@ -111,6 +111,18 @@ This includes all configuration options above except for `name`, `target`, `host A new `Backend` object. +### Disable TLS verification + +TLS certificate verification for a backend can be disabled by leaving the following fields **unset** in your `backendConfiguration`: + +- `sniHostname` +- `caCertificate` +- `certificateHostname` + +If these fields are not configured, the Compute app does not validate the certificate presented by the backend. As a result, it will accept certificates that are expired, self-signed, issued for a different hostname or otherwise invalid. + +However, as a best practice, your origin should serve a valid TLS certificate and your Compute app should verify it to help protect backend connections from man-in-the-middle attacks. + ## Examples In this example an explicit Dynamic Backend is created and supplied to the fetch request, the response is then returned to the client.
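Review bot: In the added "Disable TLS verification" section, the sentence "If these fields are not configured" does not say whether validation is skipped only when all three of `sniHostname`, `caCertificate` and `certificateHostname` are unset, or as soon as any one of them is missing. A reader therefore cannot tell which fields must be set to get certificate validation. Please state the exact condition, and say which fields need a value for the backend certificate to be checked. A second point on the same section: the heading and first sentence present this as a how-to, while the paragraphs describe what happens when the fields are simply left out, so a backend created without them is unverified without the author having chosen that. Consider retitling it along the lines of "TLS certificate verification", opening with the statement that a backend without these fields accepts expired, self-signed or wrong-hostname certificates, and moving the best-practice sentence (currently last, starting "However") up next to it so it is not read as an afterthought.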