Cloudflare's Geo Key Manager allows you to restrict the Cloudflare data centers in which your uploaded SSL certificate private key is stored. This helps to provide additional safeguards against your private key being stored outside of areas you or your organization have deemed trustworthy. This feature is available for uploaded (custom) SSL certificates.
How can I apply this restriction?
You can apply the restriction when uploading your SSL to Cloudflare:
How can I change this restriction on existing keys?
Existing (already uploaded or purchased) SSL certificates will need to be deleted and re-added in order to change the current Geo Key restriction on their keys.
Where can I find more information?
More about this can be found on our blog: