Cloudflare Docs
SSL/TLS
SSL/TLS
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Edge certificates

Consider the information below for guidance on how to choose different edge certificates for common use cases, or refer to the other pages in this section for more options.

​​ Use cases

​​ Simplify issuance and renewal

Issuing and renewing certificates can take up a lot of time from your technical teams. Leverage Cloudflare Universal SSL or advanced certificates to simplify this process.

Advanced certificates offer more customization than Universal SSL.

With custom certificates, you have full control in terms of certificate authority (CA) or certificate validation level, but you need to handle issuance and renewal on your own.

​​ Meet cipher suites requirements

The different algorithms used in SSL/TLS encryption can vary in terms of how secure they are.

Through cipher suites customization you can have control over which ciphers are used for your domain and/or specific hostnames, making it possible to achieve balance between highly available marketing websites (www.example.com) - that even legacy devices can access - and highly secure services or applications (shop.example.com) - that require standards compliance.

Cipher suites customization applies to any edge certificate used in connections to a given hostname. However, to enable custom cipher suites and other features, you must purchase the Advanced Certificate Manager add-on.

If you already have Advanced Certificate Manager, use the API to set up custom cipher suites. Refer to Customize cipher suites for more guidance.

​​ Automate domain control validation (DCV)

If you want to use Cloudflare but manage DNS externally (partial setup), you may need to perform domain control validation (DCV) to prove that you have control over your domain before your SSL/TLS certificate can be issued.

To make this process easier and automate DCV at certificate renewal, use advanced certificates and set up delegated DCV.