Custom certificates are meant for Business and Enterprise customers who want to use their own SSL certificates.
Before deploying custom certificates to Cloudflare’s global network, Cloudflare automatically groups the certificates into certificate packs.
A certificate pack is a group of certificates that share the same set of hostnames — for example,
*.example.com — but use different signature algorithms.
Each pack can include up to three certificates, one from each of the following signature algorithms:
Each pack only counts as one SSL certificate against your custom certificate quota.
|1 (Modern) (can purchase more)|
1 (Legacy) (can purchase more)
Certificate Signing Requests (CSRs)
As part of the custom certificate process, you can leverage Cloudflare to generate your . This additional option means that Cloudflare will safely generate and store the private key associated with the CSR.
Geo Key Manager (private key restriction)
By default, Cloudflare encrypts and securely distributes private keys to all Cloudflare data centers, where they can be used for local SSL/TLS termination. If you want to restrict where your private keys may be used, use .