Getting Started with Cloudflare SSL

Secure customer traffic to your website with a Cloudflare SSL certificate. Learn which Cloudflare SSL product fits your site’s needs with guidance from the resources below.

Learn the basics

What is SSL? Learn how SSL prevents malicious snooping of your website’s Internet traffic.

End-to-end Encryption with Cloudflare Learn which Cloudflare settings ensure end-to-end encryption of traffic proxied to Cloudflare.

Learn about Cloudflare’s SSL products Observe the differences between Cloudflare SSL offerings and determine which SSL product best fits the needs of your website. Distinguish the certificates that encrypt traffic between visitors and Cloudflare or between Cloudflare and your origin web server.

Understand Universal SSL
See how Cloudflare’s free SSL certificate secures traffic for your domain and understand the limitations.
Manage Custom SSL (Business or Enterprise domains only)
Learn how to manage Custom SSL certificates purchased outside of Cloudflare.
Manage Dedicated SSL
Discern the differences between Dedicated SSL certificates and Dedicated SSL certificates with Custom Hostnames and identify the benefits for your domain.
Understand Keyless SSL (Enterprise domains only)
Serve your certificate from Cloudflare’s network without providing Cloudflare the private keys for your certificate.
Manage Custom Hostnames  (Enterprise domains only)
Extend Cloudflare’s benefits to your customers and preserve your branding without requiring your customers to create Cloudflare accounts.
Manage Origin SSL certificates
Ensure traffic encryption between Cloudflare and your origin web server.

SSL FAQ Find answers to common SSL questions.

Determine the SSL Option for your site Ensure traffic is encrypted between Cloudflare and your origin web server and avoid common configuration pitfalls such as redirect loops and 5XX errors.

Enhance your SSL security

Configure Authenticated Origin Pull Force your origin web server to validate that a web request comes from Cloudflare.

Enable TLS Client Auth (Enterprise domains only) Configure Cloudflare to only allow authorized clients to visit your site if those clients present a certificate that is approved by your organization.

Configure HTTP Strict Transport Security (HSTS) Secure HTTPS web servers against SSL downgrade attacks and force browsers to strictly enforce web security practices.

Customize your SSL settings

Enable Opportunistic Encryption Allow clients to securely access your site using HTTP (instead of HTTPS) over an encrypted TLS channel.

Use Cloudflare Onion Routing Allow Cloudflare to serve your website’s content directly through the Tor network without requiring exit nodes.

Enable TLS 1.3 Enable the latest TLS protocol to improve speed and security for content served over HTTPS.

Choose a Minimum TLS Version Enforce stronger cryptographic standards for HTTPS traffic to your domain.


Troubleshooting SSL errors Find answers to common SSL issues.

Why do I see redirect loop errors in the browser? Identify and resolve certain Cloudflare SSL/TLS and Page Rules settings that are incompatible with your origin web server configuration and cause redirect loop errors for visitors.

How do I fix SSL Mixed Content errors? Identify the symptoms of Mixed Content errors and learn which Cloudflare settings resolve the issue.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.