SSL / TLS
Cloudflare offers a range of SSL/TLS options. By default, Cloudflare offers Universal SSL to all domains, but there are many other options available. Cloudflare offers SSL/TLS for free because we believe it is the right thing to do. Encryption is foundational to the Internet because it prevents data from being manipulated.
- Universal SSL: This option covers basic encryption requirements and certificate management needs.
- Foundation DNS: Foundation DNS is an Enterprise option that provides strategically distributed IPs for enhanced resiliency, reduced exposure to incidents or software regression, and more consistent nameserver assignment.
- Total TLS: Automatically issues certificates for all subdomain levels, extending the protection offered by Universal SSL.
- Advanced Certificates: Offers customizable certificate issuance and management, including options like choosing the certificate authority, certificate validity period, and removing Cloudflare branding from certificates.
- Custom Certificates: For eligible plans, customers can upload their own certificates, with the user managing issuance and renewal.
- mTLS Client Certificates: Cloudflare offers a PKI system, used to create client certificates, which can enforce mutual Transport Layer Security (mTLS) encryption.
- Cloudflare for SaaS Custom Hostnames: This feature enables SaaS providers to offer their clients the ability to use their own domains while benefiting from Cloudflare’s network.
- Keyless SSL Certificates: Keyless SSL allows security-conscious clients to upload their own custom certificates and benefit from Cloudflare, but without exposing their TLS private keys.
- Origin Certificates: Origin CA certificates from Cloudflare are used to encrypt traffic between Cloudflare and your origin web server. These certificates are created through the Cloudflare dashboard and can be configured with a choice of RSA or ECC private keys and support for various server types.