Custom certificates — SSL for SaaS
This situation commonly occurs when your customers use Extended Validation (EV) certificates (the “green bar”) or when their information security policy prohibits third parties from generating private keys on their behalf.
If you use custom certificates, you are responsible for the entire certificate lifecycle (initial upload, renewal, subsequent upload).
Cloudflare also only accepts publicly trusted certificates of these types:
If you attempt to upload another type of certificate or a certificate that has been self-signed, it will be rejected.