Skip to content
Visit SSL on GitHub
Set theme to dark (⇧+D)

Get started with SSL/TLS

Follow the steps below to enable SSL/TLS protection for your application.


Step 1 — Choose an edge certificate

Cloudflare offers a variety of options for your application's edge certificates:

Step 2 — Choose your encryption mode

Once you have chosen your edge certificate, choose an encryption mode to specify how Cloudflare should encrypt connections between a) visitors and Cloudflare and b) Cloudflare and your origin server.

Step 3 — Enforce HTTPS connections

Even if your application has an active edge certificate, visitors can still access resources over unsecured HTTP connections.

Using various Cloudflare settings, however, you can force all or most visitor connections to use HTTPS.

Step 4 (optional) — Enable additional features

After you have chosen your edge certificate and updated your encryption mode, review the following Cloudflare settings:

  • Edge certificates: Customize different aspects of your edge certificates, from enabling Opportunistic Encryption to specifying a Minimum TLS Version.
  • Authenticated origin pull: Ensure all requests to your origin server originate from the Cloudflare network.
  • Notifications: Set up alerts related to certificate validation status, issuance, deployment, renewal, and expiration.