Custom certificates are meant for Business and Enterprise clients who want to utilize their own SSL certificates.
Currently the Business and Enterprise plan each include one Custom Certificate, and Enterprise customers may purchase additional slots as needed by speaking with their Customer Success Manager.
Geo Key Manager (private key restriction)
By default, private keys will be encrypted and securely distributed to each data center, where they can be utilized for local SSL/TLS termination. Customers that wish to restrict where these keys may be used can elect to specify a during upload.
Certificates uploaded to Cloudflare will be automatically grouped together into a Certificate Pack before being deployed to the global edge.
A Certificate Pack is a group of certificates that share the same set of hostnames — for example,
*.example.com — but use different signature algorithms. Each pack can include up to three certificates, with one from each of the following signature algorithms:
SHA-1/RSA. Each pack only counts as one SSL certificate against your custom certificate quota.