Certificate Signing Requests (CSRs)
Generate a Certificate Signing Request (CSR) to get a custom certificate from the Certificate Authority (CA) of your choice while maintaining control of the private key on Cloudflare. The private key associated with the CSR will be generated by Cloudflare and will never leave our network.
A CSR contains information about your domain: your organization name and address, the common name (domain name), and Subject Alternative Names (SANs).
Free | Pro | Business | Enterprise | |
---|---|---|---|---|
Availability | No | No | No | Included with Advanced Certificate Manager |
You can create two types of CSRs:
- Zone-level: Meant only for sign certificates associated with the current zone.
- Account-level: Meant for organizations that issue certificates across multiple domains.
To create a CSR:
- Log in to the Cloudflare dashboard ↗ and select your account and an application.
- Go to SSL/TLS > Edge Certificates.
- On Certificate Signing Request (CSR), select Generate.
- Choose a Scope (only certain customers can choose Account).
- Enter relevant information on the form and select Create.
To use a CSR:
-
Go to SSL/TLS > Edge Certificates.
-
On Certificate Signing Request (CSR), select the record you just created.
-
Copy (or select Click to copy) the value for Certificate Signing Request.
-
Obtain a certificate from the Certificate Authority (CA) of your choice using your CSR.
-
When you upload the custom certificate to Cloudflare, select an Encoding mode of Certificate Signing Request (CSR) and enter the associated value.
When you renew a custom certificate, you can reuse a previously generated CSR.