SSL / TLS
Cloudflare offers a range of SSL/TLS options. By default, Cloudflare offers Universal SSL to all domains, but there are many other options available. Cloudflare offers SSL/TLS for free because we believe it is the right thing to do ↗. Encryption is foundational to the Internet because it prevents data from being manipulated.
- 
Universal SSL: This option covers basic encryption requirements and certificate management needs. 
- 
Foundation DNS: Foundation DNS is an Enterprise option that provides strategically distributed IPs to enhance resiliency, reduced exposure to incidents or software regression and more consistent nameserver assignment. 
- 
Total TLS: Automatically issues certificates for all subdomain levels, extending the protection offered by Universal SSL. 
- 
Advanced Certificates: Offers customizable certificate issuance and management, including options like choosing the certificate authority, certificate validity period, and removing Cloudflare branding from certificates. 
- 
Custom Certificates: For eligible plans, customers can upload their own certificates, with the user managing issuance and renewal. 
- 
mTLS Client Certificates: Cloudflare offers a PKI system, used to create client certificates, which can enforce mutual Transport Layer Security (mTLS) encryption. 
- 
Cloudflare for SaaS Custom Hostnames: This feature enables SaaS providers to offer their clients the ability to use their own domains while benefiting from Cloudflare’s network. 
- 
Keyless SSL Certificates: Keyless SSL allows security-conscious clients to upload their own custom certificates and benefit from Cloudflare, but without exposing their TLS private keys. 
- 
Origin Certificates: Origin CA certificates from Cloudflare are used to encrypt traffic between Cloudflare and your origin web server. These certificates are created through the Cloudflare dashboard and can be configured with a choice of RSA or ECC private keys and support for various server types.