Certificate authorities

Cloudflare may issue Universal, Advanced, or SSL for SaaS certificates from any of the following Certificate Authorities (CAs):

| Certificate authority | Features | Limitations | Client support |
| --- | --- | --- | --- |
| DigiCert (soon to be deprecated) | RSA and ECDSA certificates. Supports validity periods of 14, 30, and 90 days. | TLD restrictions | Browser compatibility |
| Let’s Encrypt | RSA and ECDSA certificates. Supports validity periods of 90 days. DCV tokens valid for 7 days. | Hostname on certificate must contain 10 or fewer levels of subdomains. | Browser compatibility |
| Google Trust Services | RSA certificates. Supports validity periods of 14, 30, and 90 days. DCV tokens valid for 14 days. | ECDSA certificates and Punycode domains are not yet supported. | Currently trusted by Microsoft, Mozilla, Safari, Cisco, Oracle Java, and Qihoo’s 360 browser. All browsers or operating systems that depend on these root programs are covered. |

In addition, some of Google Trust Services' root CAs may rely on a cross-signature to ensure optimal support across a wide range of devices.

Backup certificates

Cloudflare may also issue backup certificates from Google Trust Services or Sectigo.