Skip to content
Cloudflare API
Start here
API Reference
Custom Csrs

Create Custom CSR

POST/{accounts_or_zones}/{account_or_zone_id}/custom_csrs

Generate a new custom Certificate Signing Request (CSR) for an account or zone. Cloudflare generates and securely stores the private key associated with the CSR.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Account: SSL and Certificates Write
Path ParametersExpand Collapse
account_id: optional string

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: optional string

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Body ParametersJSONExpand Collapse
common_name: string

The common name (domain) for the CSR. Must be at most 64 characters.

maxLength64
country: string

Two-letter ISO 3166-1 alpha-2 country code.

locality: string

City or locality name.

organization: string

Organization name.

sans: array of string

Subject Alternative Names for the CSR. At least one SAN is required.

state: string

State or province name.

description: optional string

Optional description for the CSR.

key_type: optional "rsa2048" or "p256v1"

Key algorithm to use for the CSR. Defaults to rsa2048 if not specified.

One of the following:
"rsa2048"
"p256v1"
name: optional string

Human-readable name for the CSR.

organizational_unit: optional string

Organizational unit name.

ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional object { id, created_at, key_type, 11 more }

A custom Certificate Signing Request (CSR).

id: string

Custom CSR identifier tag.

maxLength36
created_at: string

When the CSR was created.

formatdate-time
key_type: "rsa2048" or "p256v1"

The key algorithm used to generate the CSR.

One of the following:
"rsa2048"
"p256v1"
account_tag: optional string

Account identifier associated with this CSR.

common_name: optional string

The common name (domain) for the CSR.

maxLength64
country: optional string

Two-letter ISO 3166-1 alpha-2 country code.

csr: optional string

The PEM-encoded Certificate Signing Request.

description: optional string

Optional description for the CSR.

locality: optional string

City or locality name.

name: optional string

Human-readable name for the CSR.

organization: optional string

Organization name.

organizational_unit: optional string

Organizational unit name.

sans: optional array of string

Subject Alternative Names included in the CSR.

state: optional string

State or province name.

Create Custom CSR

curl https://api.cloudflare.com/client/v4/$ACCOUNTS_OR_ZONES/$ACCOUNT_OR_ZONE_ID/custom_csrs \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "common_name": "example.com",
          "country": "US",
          "locality": "San Francisco",
          "organization": "Cloudflare, Inc.",
          "sans": [
            "example.com",
            "www.example.com"
          ],
          "state": "California",
          "description": "CSR for example.com wildcard",
          "key_type": "rsa2048",
          "name": "My Custom CSR",
          "organizational_unit": "Engineering"
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
    "created_at": "2024-01-15T10:30:00Z",
    "key_type": "rsa2048",
    "account_tag": "23e087bd19bc1d40ae95b6f297263ceb",
    "common_name": "example.com",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYzCCAUsCAQAwHj...",
    "description": "CSR for example.com wildcard",
    "locality": "San Francisco",
    "name": "My Custom CSR",
    "organization": "Cloudflare, Inc.",
    "organizational_unit": "Engineering",
    "sans": [
      "example.com",
      "www.example.com"
    ],
    "state": "California"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "7b163417-1d2b-4c84-a38a-2fb7a0cd7752",
    "created_at": "2024-01-15T10:30:00Z",
    "key_type": "rsa2048",
    "account_tag": "23e087bd19bc1d40ae95b6f297263ceb",
    "common_name": "example.com",
    "country": "US",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYzCCAUsCAQAwHj...",
    "description": "CSR for example.com wildcard",
    "locality": "San Francisco",
    "name": "My Custom CSR",
    "organization": "Cloudflare, Inc.",
    "organizational_unit": "Engineering",
    "sans": [
      "example.com",
      "www.example.com"
    ],
    "state": "California"
  }
}