Default TLS Certificate Renewal in Private Spaces (CloudHub 2.0)

Overview

In CloudHub 2.0 Private Spaces, the default TLS context certificate is managed and renewed automatically by MuleSoft. This article explains how the renewal process works and outlines best practices for production use.

How Certificate Renewal Works

The default TLS certificate used in a Private Space is renewed through an automated system process.

• Renewal typically begins within 30 days prior to certificate expiration
• The exact timing of renewal within this window is not fixed
• The certificate will be renewed before it expires
• No manual action is required from customers

This process ensures continuity of service without interruption due to certificate expiration.

Important Considerations

While default TLS certificates are convenient, they are intended primarily for:

• Initial setup
• Testing and quick access scenarios

They are not recommended for long-term or production use.

Best Practice Recommendation

For production workloads, customers should deploy and manage their own TLS certificates.

Benefits of using custom certificates:

• Full control over certificate lifecycle
• Alignment with organizational security policies
• Predictable renewal timelines
• Custom domain support

How to Configure Custom TLS Domains

To configure your own TLS certificates and domains in a Private Space, refer to the official documentation:

https://docs.mulesoft.com/cloudhub-2/ps-config-domains