Get started with SSL/TLS
Follow the steps below to enable SSL/TLS protection for your application.
Step 1 — Choose an edge certificate
Cloudflare offers a variety of options for your application's edge certificates:
By default, Cloudflare issues — and renews — free, unshared, publicly trusted SSL certificates to all Cloudflare domains.
- (which supersede legacy ):
Custom certificates are meant for Business and Enterprise clients who want to utilize their own SSL certificates.
- (Enterprise only):
Keyless SSL allows security-conscious clients to upload their own custom certificates and benefit from Cloudflare, but without exposing their TLS private keys.
Step 2 — Choose your encryption mode
Step 3 — Enforce HTTPS connections
Even if your application has an active edge certificate, visitors can still access resources over unsecured HTTP connections.
Step 4 (optional) — Enable additional features
After you have chosen your edge certificate and updated your encryption mode, review the following Cloudflare settings:
- : Customize different aspects of your edge certificates, from enabling Opportunistic Encryption to specifying a Minimum TLS Version.
- : Ensure all requests to your origin server originate from the Cloudflare network.
- : Set up alerts related to certificate validation status, issuance, deployment, renewal, and expiration.