Managing Custom SSL certificates

Learn to add and edit Custom SSL certificates as well as remove passwords on private key files.


Overview

Custom SSL certificates provide several benefits:

  • They are not shared by multiple customer domains.
  • Customers can serve valid, existing origin SSL certificates from Cloudflare's network.  

Domains on Business and Enterprise plans are allowed Custom SSL certificates once the domains are active on Cloudflare. Only one Custom SSL certificate is allowed per Business domain.  By default, Enterprise customers are allowed one Custom SSL certificate per Enterprise domain but can request additional Custom SSL certificates from their Cloudflare Account Team.

Cloudflare allows uploading several SSL certificate types:

  • Unified Communications Certificates (UCC)
  • Extended Validation (EV)
  • Organization Validated (OV)
Cloudflare does not permit uploading self-signed SSL certificates.

Before uploading a Custom SSL certificate to Cloudflare, ensure the private key file is not password protected.


Prerequisite: remove the key file password

If an uploaded key file is password protected, the Cloudflare Crypto app generates the following error:

The key is password protected. Please strip the password and re-submit.

To remove a key file password, the solution depends on the Operating System used.  For example, if mydomain.com.key is the private key file, the password protection can be removed via one of the following methods:

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk