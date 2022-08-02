Manage custom certificates — Cloudflare for SaaS

For use cases and limitations, refer to custom certificates.

​​ Upload certificates

​​ With the dashboard

To upload a custom certificate in the dashboard, follow the steps for issuing new certificates, but change the Certificate type to Custom certificate.

For more details on bundle method, refer to Bundle Methodologies

​​ With the API

The call below will upload a certificate for use with app.example.com .

Note that if you are using an ECC key generated by OpenSSL, you will need to first remove the -----BEGIN EC PARAMETERS-----...-----END EC PARAMETERS----- section of the file.

$ cat app_example_com.pem -----BEGIN CERTIFICATE----- MIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E .. . SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O OeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7 -----END CERTIFICATE----- $ MYCERT = " $( cat app_example_com.pem | perl -pe 's/\r?

/\

/' | sed -e 's/..$//' ) " $ MYKEY = " $( cat app_example_com.key | perl -pe 's/\r?

/\

/' | sed -e 's/..$//' ) "

With the certificate and key saved to environment variables (using escaped newlines), build the payload:

$ echo $MYCERT -----BEGIN CERTIFICATE----- \ nMIIFJDCCBAygAwIBAgIQD0ifmj/Yi5NP/2gdUySbfzANBgkqhkiG9w0BAQsFADBN \ nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E .. .SzSHfXp5lnu/3V08I72q1QNzOCgY1XeL4GKVcj4or6cT6tX6oJH7ePPmfrBfqI/O \ nOeH8gMJ+FuwtXYEPa4hBf38M5eU5xWG7 \ n-----END CERTIFICATE----- \ n $ request_body = $( < < ( cat << EOF { "hostname": "app.example.com", "ssl": { "custom_certificate": " $MYCERT ", "custom_key": " $MYKEY " } } EOF ) )

​​ Step 2 — Upload your certificate and key

Use a POST request External link icon Open external link to upload your certificate and key.

The serial number returned is unique to the issuer, but not globally unique. Additionally, it is returned as a string, not an integer.

​​ Move to a Cloudflare certificate

If you want to switch from maintaining a custom certificate to using one issued by Cloudflare, you can migrate that certificate with zero downtime.