Learn the importance of SSL and the differences between Cloudflare's various SSL products.
HTTPS (Hypertext Transfer Protocol Secure) is an Internet protocol with a layer of security added. HTTPS is a combination of the standard HTTP protocol, and a security protocol called SSL/TLS.
Normal HTTP sends data over the Internet in plain text making it easy to intercept. HTTPS encryption prevents wiretapping, stolen credit card numbers, and other interceptions. Because HTTPS is a vital protection for Internet traffic, Cloudflare offers several SSL products.
Cloudflare's SSL products
Cloudflare offers four options that can be enabled for domains running through Cloudflare. The choices are:
Universal SSL is the name for Cloudflare's free SSL service. It allows for a low entry point (Free) for securing content in transit from attackers.
The Universal SSL option Cloudflare offers can take up to 24 hours to activate. Cloudflare’s Universal SSL option generally activates in approximately 10-15 minutes. In addition, the free SSL option does have limitations as to which browsers and operating systems will work with it that site owners should consider before choosing this option for their domains. View our guide on browser ssl support for further details.
Cloudflare now offers the a la carte option of Dedicated Certificates to any plan level. This generally activates in approximately 10-15 minutes. A zone will this certificate will be the only zone specified on the common name, unlike Universal SSL which uses shared certificates. This also helps pass PCI compliance.
Dedicated certificates with Custom Hostnames eliminates the fourth level subdomain restriction.
Custom SSL is chosen by customers that want to upload their own certificates to Cloudflare so that their information shows when a visitor checks the certificate. The Custom SSL option is often chosen by customers that had paid for an EV or OV Certificate, and would like to continue to display this information to visitors that visit the site.
Keyless SSL is for Enterprise customers only. Keyless SSL is designed for organizations that can not hand over control of their keys to another organization, and entities interested in Keyless SSL will need to contact our Enterprise Sales Team for more information and pricing.