SSL / TLS
Cloudflare offers a range of SSL/TLS options. By default, Cloudflare offers Universal SSL to all domains, but there are many other options available. Cloudflare offers SSL/TLS for free because we believe it is the right thing to do ↗. Encryption is foundational to the Internet because it prevents data from being manipulated.
-
Universal SSL: This option covers basic encryption requirements and certificate management needs.
-
Foundation DNS: Foundation DNS is an Enterprise option that provides strategically distributed IPs to enhance resiliency, reduced exposure to incidents or software regression and more consistent nameserver assignment.
-
Total TLS: Automatically issues certificates for all subdomain levels, extending the protection offered by Universal SSL.
-
Advanced Certificates: Offers customizable certificate issuance and management, including options like choosing the certificate authority, certificate validity period, and removing Cloudflare branding from certificates.
-
Custom Certificates: For eligible plans, customers can upload their own certificates, with the user managing issuance and renewal.
-
mTLS Client Certificates: Cloudflare offers a PKI system, used to create client certificates, which can enforce mutual Transport Layer Security (mTLS) encryption.
-
Cloudflare for SaaS Custom Hostnames: This feature enables SaaS providers to offer their clients the ability to use their own domains while benefiting from Cloudflare's network.
-
Keyless SSL Certificates: Keyless SSL allows security-conscious clients to upload their own custom certificates and benefit from Cloudflare, but without exposing their TLS private keys.
-
Origin Certificates: Origin CA certificates from Cloudflare are used to encrypt traffic between Cloudflare and your origin web server. These certificates are created through the Cloudflare dashboard and can be configured with a choice of RSA or ECC private keys and support for various server types.