Certificate Signing Requests (CSRs)
Generate a Certificate Signing Request (CSR) to get a custom certificate from the Certificate Authority (CA) of your choice while maintaining control of the private key on Cloudflare. The private key associated with the CSR will be generated by Cloudflare and will never leave our network.
A CSR contains information about your domain: your organization name and address, the common name (domain name), and Subject Alternative Names (SANs).
Types of CSRs
You can create two types of CSRs:
- Zone-level: Meant only for sign certificates associated with the current zone.
- Account-level: Meant for organizations that issue certificates across multiple domains.
Create and use a CSR
To create a CSR:
- Log in to the and select your account and an application.
- Go to SSL/TLS > Edge Certificates.
- On Certificate Signing Request (CSR), select Generate.
- Choose a Scope (only can choose Account).
- Enter relevant information on the form and select Create.
To use a CSR:
Go to SSL/TLS > Edge Certificates.
On Certificate Signing Request (CSR), select the record you just created.
Copy (or select Click to copy) the value for Certificate Signing Request.
Obtain a certificate from the Certificate Authority (CA) of your choice using your CSR.