Cloudflare Docs
Cloudflare for Platforms
Visit Cloudflare for Platforms on GitHub
Set theme to dark (⇧+D)

Custom certificates

If your customers need to provide their own key material, you may want to upload a custom certificate. Cloudflare will automatically bundle the certificate with a certificate chain optimized for maximum browser compatibility.

As part of this process, you may also want to generate a Certificate Signing Request (CSR) for your customer so they do not have to manage the private key on their own.

​​ Use cases

This situation commonly occurs when your customers use Extended Validation (EV) certificates (the “green bar”) or when their information security policy prohibits third parties from generating private keys on their behalf.

​​ Limitations

If you use custom certificates, you are responsible for the entire certificate lifecycle (initial upload, renewal, subsequent upload).

Cloudflare also only accepts publicly trusted certificates of these types:

  • SHA256WithRSA
  • SHA1WithRSA
  • ECDSAWithSHA256

If you attempt to upload another type of certificate or a certificate that has been self-signed, it will be rejected.