SSL on Paid Plans
Our SSL certificates on paid plans (Pro, Business and Enterprise) will work with all desktop browsers, so if you are worried about compatibility or have many users with old browsers upgrading to one of our paid plans is recommended. The Cloudflare provided SSL certificates utilize the Subject Alternative Names (SAN) extension to support multiple domains on the same SSL certificate. SAN certificates work with the following browsers:
Desktop Browsers
- All
Mobile Browsers
- All IOS versions supported.
- Android versions greater than 2.2 (older will return an SSL mismatch warning message due to a bug in Google's SAN implementation).
Cloudflare Dedicated Certificates and Universal SSL
Both Dedicated Certificates and Universal SSL use Server Name Indication (SNI) certificates using Elliptic Curve Digital Signature Algorithm (ECDSA). SNI and ECDSA certificates work with the following modern browsers:
Desktop Browsers installed on Windows Vista or OS X 10.6 or later:
- Internet Explorer 7
- Firefox 2
- Opera 8 (with TLS 1.1 enabled)
- Google Chrome v5.0.342.0
- Safari 2.1
Mobile Browsers
- Mobile Safari for iOS 4.0
- Android 3.0 (Honeycomb) and later
- Windows Phone 7
Note: If you need more compatibility with older browsers/operating systems, such as Windows XP and Android 3.0 and earlier, please check out our Pro, Business, or Enterprise plans.
To learn more, visit https://www.digicert.com/ssl-support/apache-secure-multiple-sites-sni.htm.
For more information on what your browser supports, visit https://cc.dcsec.uni-hannover.de using your browser.
A Better Browser can be configured from the Apps section of your dashboard to display a message to browsers that do not support SNI, but note that users will need to visit over HTTP to see it.
Typical errors to look for:
"This site makes use of a SHA-1 Certificate; it's recommended that you use signature algorithms that use hash functions stronger than SHA-1."
"ERR_SSL_VERSION_OR_CIPHER_MISMATCH"