Secure customer traffic to your website with a Cloudflare SSL certificate. Learn which Cloudflare SSL product fits your site’s needs with guidance from the resources below.
Learn the basics
What is SSL?
Learn how SSL prevents malicious snooping of your website’s Internet traffic.
End-to-end Encryption with Cloudflare
Learn which Cloudflare settings ensure end-to-end encryption of traffic proxied to Cloudflare.
Learn about Cloudflare’s SSL products
Observe the differences between Cloudflare SSL offerings and determine which SSL product best fits the needs of your website. Distinguish the certificates that encrypt traffic between visitors and Cloudflare or between Cloudflare and your origin web server.
- Understand Universal SSL
- See how Cloudflare’s free SSL certificate secures traffic for your domain and understand the limitations.
- Manage Custom SSL (Business or Enterprise domains only)
- Learn how to manage Custom SSL certificates purchased outside of Cloudflare.
- Manage Dedicated SSL
- Discern the differences between Dedicated SSL certificates and Dedicated SSL certificates with Custom Hostnames and identify the benefits for your domain.
- Understand Keyless SSL (Enterprise domains only)
- Serve your certificate from Cloudflare’s network without providing Cloudflare the private keys for your certificate.
- Manage Custom Hostnames (Enterprise domains only)
- Extend Cloudflare’s benefits to your customers and preserve your branding without requiring your customers to create Cloudflare accounts.
- Manage Origin SSL certificates
- Ensure traffic encryption between Cloudflare and your origin web server.
Find answers to common SSL questions.
Determine the SSL Option for your site
Ensure traffic is encrypted between Cloudflare and your origin web server and avoid common configuration pitfalls such as redirect loops and 5XX errors.
Enhance your SSL security
Configure Authenticated Origin Pull
Force your origin web server to validate that a web request comes from Cloudflare.
Enable TLS Client Auth (Enterprise domains only)
Configure Cloudflare to only allow authorized clients to visit your site if those clients present a certificate that is approved by your organization.
Configure Legacy Browser Support (Business and Enterprise domains only)
Allow secure connections for visitors with older operating systems or browsers.
Customize your SSL settings
Enable Opportunistic Encryption
Allow clients to securely access your site using HTTP (instead of HTTPS) over an encrypted TLS channel.
Use Cloudflare Onion Routing
Allow Cloudflare to serve your website’s content directly through the Tor network without requiring exit nodes.
Enable TLS 1.3
Enable the latest TLS protocol to improve speed and security for content served over HTTPS.
Choose a Minimum TLS Version
Enforce stronger cryptographic standards for HTTPS traffic to your domain.
Troubleshooting SSL errors
Find answers to common SSL issues.
Why do I see redirect loop errors in the browser?
Identify and resolve certain Cloudflare Crypto and Page Rules settings that are incompatible with your origin web server configuration and cause redirect loop errors for visitors.
How do I fix SSL Mixed Content errors?
Identify the symptoms of Mixed Content errors and learn which Cloudflare settings resolve the issue.