Cloudflare Docs
Ssl
SSL
Visit SSL on GitHub
Set theme to dark (⇧+D)

Issue new certificates

Once you have set up your SSL for SaaS application , you can start issuing new certificates for your customers.

For each custom hostname certificate you request, Cloudflare issues two certificates that are bundled in chains that maximize browser compatibility (unless you upload custom certificates ). The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.

Once issued, certificates are valid for one year. Renewals depend on your chosen method for Domain Control Validation .

Via the dashboard

  1. Log in to the Cloudflare dashboard and select your account.
  2. Select your SSL for SaaS application.
  3. Navigate to SSL/TLS > Custom Hostnames.
  4. Click Add Custom Hostname.
  5. Add your customer’s hostname app.customer.com and set the relevant options, including:
  6. Click Add Custom Hostname.

Via the API

To create a custom hostname using the API, use a POST command on the /zone/:zone_id/custom_hostnames endpoint.

The response contains the complete definition of the new custom hostname.