Keeping Your Custom SSL Certificates Up-to-Date

For customers on Business or Enterprise plans, Cloudflare offers the ability to upload your own SSL certificates to have these presented to visitors as they access your website.

Keeping your SSL certificates up to date is an important security practice to ensure that customer web browsers continue to interpret your SSL certificate as valid. Every SSL certificate has an expiration date. As a best practice, be sure to regularly acquire updated SSL certificates from your certificate vendor as you approach the SSL certificate expiration date. Once acquired, these certificates should then be uploaded to Cloudflare.

For customers who require PCI Compliance for your web properties, this is an important and required step to remain in compliance for this particular PCI compliance requirement (3.6.4 in the PCI DSS 2.0 specification).

To replace an expiring certificate, navigate to the Crypto section of your dashboard, scroll down to the Certificates section, and click the Manage link next to your custom certificate:

Manage will bring up a dialog showing each certificate in your custom certificate pack. In this example, there's only a single RSA+SHA256 certificate, but if you have additional certificates, you'll need to update each. To replace a certificate, click the wrench icon:

You'll now be able to paste your new PEM-encoded certificate and private key. We'll automatically check the certificate and key to ensure they're valid, and prevent you from overwriting your existing certificate if we find any issues. If you see an error and are unsure how to proceed, please contact Customer Support for additional assistance.

If there are no errors, you can click Add to return to the Dashboard, and will see the updated expiration date:

 

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk