Cloudflare SSL/TLS
Encrypt your web traffic to prevent data theft and other tampering.
SSL/TLS certificates encrypt traffic between visitors and your website, preventing eavesdropping and data tampering. Because Cloudflare sits between your visitors and your origin server, two certificates can be involved in a single request: an edge certificate (visitor to Cloudflare) and an origin certificate (Cloudflare to your server).
Cloudflare automatically issues free certificates through Universal SSL and offers additional options for custom certificate management. Refer to Get started to set up SSL/TLS for your domain.
Total TLS
Universal SSL covers your apex domain and first-level subdomains. Total TLS extends that coverage by automatically issuing certificates for proxied hostnames at any subdomain level.
Delegated DCV
Before issuing a certificate, a certificate authority (CA) must verify you control the domain. If you manage DNS outside of Cloudflare, you can delegate this verification to Cloudflare so certificate renewals happen automatically.
Custom TLS settings
Specify the minimum TLS version that visitors must use to connect to your website or application, and restrict cipher suites to meet compliance or security requirements.
For a complete list of SSL/TLS features and their availability by plan, refer to features and availability.
When you use Cloudflare DNS, all DNS queries for your domain are answered by Cloudflare's global anycast network. This network delivers performance and global availability.
Cloudflare for SaaS allows you to extend the security and performance benefits of Cloudflare's network to your customers via their own custom or vanity domains.