Custom Certificates

custom_certificates

Methods

Create SSL Configuration -> Envelope<>
post/zones/{zone_id}/custom_certificates

Upload a new SSL certificate for a zone.

Delete SSL Configuration -> Envelope<{ id }>
delete/zones/{zone_id}/custom_certificates/{custom_certificate_id}

Remove a SSL certificate from a zone.

Edit SSL Configuration -> Envelope<>
patch/zones/{zone_id}/custom_certificates/{custom_certificate_id}

Upload a new private key and/or PEM/CRT for the SSL certificate. Note: PATCHing a configuration for sni_custom certificates will result in a new resource id being returned, and the previous one being deleted.

SSL Configuration Details -> Envelope<>
get/zones/{zone_id}/custom_certificates/{custom_certificate_id}

SSL Configuration Details

List SSL Configurations -> V4PagePaginationArray<>
get/zones/{zone_id}/custom_certificates

List, search, and filter all of your custom SSL certificates. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.

Domain types

CustomCertificate = { id, bundle_method, expires_on, 11 more... }
GeoRestrictions = { label }

Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.

Status = "active" | "pending_reactivation" | "pending_revocation" | 1 more...

Client Certificates may be active or revoked, and the pending_reactivation or pending_revocation represent in-progress asynchronous transitions

custom_certificates.prioritize

Methods

Re Prioritize SSL Certificates -> Envelope<Array<>>
put/zones/{zone_id}/custom_certificates/prioritize

If a zone has multiple SSL certificates, you can set the order in which they should be used during a request. The higher priority will break ties across overlapping 'legacy_custom' certificates.