Get started with SSL/TLS
Follow the steps below to enable SSL/TLS protection for your application.
Before you begin
Choose an edge certificate
Cloudflare offers a variety of options for your application’s edge certificates:
- : Use advanced certificates when you want something more customizable than but still want the convenience of SSL certificate issuance and renewal.
- : Custom certificates are meant for Business and Enterprise customers who want to use their own SSL certificates.
- (Enterprise only): Keyless SSL allows security-conscious clients to upload their own custom certificates and benefit from Cloudflare, but without exposing their TLS private keys.
Choose your encryption mode
Encryption modes specify how Cloudflare encrypts connections between (a) visitors and Cloudflare, and (b) Cloudflare and your origin server. For more context about this two-part process refer to the .
Note that some encryption modes will require you to have a valid , which is managed on your origin server. Each encryption mode setup page lists out this and other requirements and you can also , such as .
Enforce HTTPS connections
Enable additional features
After you have chosen your encryption mode and enforced HTTPS connections, evaluate the following settings:
- : Customize different aspects of your edge certificates, from enabling Opportunistic Encryption to specifying a Minimum TLS Version.
- : Ensure all requests to your origin server originate from the Cloudflare network.
- : Set up alerts related to certificate validation status, issuance, deployment, renewal, and expiration.