Advanced Certificate Manager
Advanced Certificate Manager is a flexible and customizable way to issue and manage certificates in Cloudflare.
Use Advanced Certificate Manager when you want something more customizable than Universal SSL but still want the convenience of SSL certificate issuance and renewal. For example, use Advanced Certificate Manager to cover more than one level of subdomain, remove Cloudflare branding from the Universal certificate, or adjust the shortest certificate lifespan.
Features of Advanced Certificate Manager
Advanced Certificate Manager defines several certificate options:
- Add up to 100 edge certificates per zone.
- Include the zone apex and less than 50 hosts as covered hostnames.
- Select the preferred validation method (HTTP, TXT or Email).
- Choose the certificate validity period (14, 30, 90, or 365 days).
- Choose the Certificate Authority to issue the certificate (Let’s Encrypt or Digicert).
- Select a custom trust store for origin authentication.
- Control cipher suites used for TLS.
Common API commands
| Command | Method | Endpoint | Additional notes | |
|---|---|---|---|---|
| Order Advanced Certificate | POST | zones/:zone/ssl/certificate_packs/order | ||
| Restart validation for an Advanced Certificate Manager certificate pack | PATCH | zones/:zone/ssl/certificate_packs/:certificate_pack | ||
| Delete Advanced Certificate Manager certificate pack | DELETE | zones/:zone/ssl/certificate_packs/:certificate_pack | ||
| List all Advanced Certificate Manager certificate packs | GET | zones/:zone/ssl/certificate_packs?status=all | This API call returns all certificate packs for a domain (Universal, Custom, and Advanced). | |
| List Cipher Suite settings | GET | zones/:zone/settings/ciphers | ||
| Change Cipher Suite settings | PATCH | zones/:zone/settings/ciphers | To restore default settings, send a blank array in the value parameter. | |
| List SSL configurations | GET | zones/:zone/custom_certificates | ||
| Create SSL configurations | POST | zones/:zone/custom_certificates |
Create a certificate in the dashboard
To create a new advanced certificate in the dashboard:
- Log into your Cloudflare account and select a domain.
- Select SSL/TLS > Edge Certificates.
- Select Order Advanced Certificate.
- If Cloudflare does not have your billing information, you will need to enter that information.
- Enter the following information:
- Certificate Authority
- Certificate Hostnames
- Validation method
- Certificate Validity Period
- Select Save.