Cloudflare Docs
Cloudflare for Platforms
Cloudflare Docs
Cloudflare for Platforms
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Products
  2. Cloudflare for Platforms
  3. ...
  4. ...
  5. ...
  6. Issue and validate certificates
  7. Issue

Issue certificates

Cloudflare automatically issues certificates when you create a custom hostname.

​​ Certificate authorities

If you create the custom hostname via API, you can leave the certificate_authority parameter empty to set it to “default CA”. With this option, Cloudflare checks the CAA records before requesting the certificates, which helps ensure the certificates can be issued from the CA.

Refer to this certificate authorities reference page to learn more about the CAs that Cloudflare uses to issue SSL/TLS certificates.

​​ Certificate details and compatibility

For each custom hostname, Cloudflare issues two certificates bundled in chains that maximize browser compatibility (unless you upload custom certificates).

The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.