Skip to content
Cloudflare Docs
SSL
Cloudflare Docs
SSL
Search icon (depiction of a magnifying glass)
GitHub icon
Visit SSL on GitHub
Set theme to dark (⇧+D)

Client certificates

Use Cloudflare’s public key infrastructure (PKI) to create client certificates. You can use these certificates with Cloudflare API Shield™ to enforce mutual Transport Layer security (mTLS) encryption.

To use API Shield to protect your API or web application, you must do the following:

  1. Enable mTLS for the hosts you wish to protect with API Shield.

  2. Use Cloudflare’s fully hosted public key infrastructure (PKI) to create a client certificate in the Cloudflare dashboard.

  3. Create Cloudflare firewall rules that require API requests to present a valid client certificate. The Firewall app in the Cloudflare dashboard provides a dedicated interface where you can create API Shield rules.

  4. Configure your mobile app or IoT device to use your Cloudflare-issued client certificate.