Manage advanced certificates
Create a certificate
If you are using an existing Universal SSL certificate , Cloudflare will automatically replace this certificate once you finish ordering your advanced certificate.
Once you order a certificate, you can review the certificate’s status in the dashboard at SSL/TLS > Edge Certificates or via the API with a GET request.
Using the dashboard
To create a new advanced certificate in the dashboard:
- Log into your Cloudflare account and select a domain.
- Navigate to SSL/TLS > Edge Certificates.
- Click Order Advanced Certificate.
- If Cloudflare does not have your billing information, you will need to enter that information.
- Enter the following information:
- Certificate Authority
- Certificate Hostnames
- Validation method
- Certificate Validity Period
- Click Save.
Using the API
To create a new certificate, send a POST request to the Cloudflare API.
Delete a certificate
Using the dashboard
To delete an advanced certificate in the dashboard:
- Log into your Cloudflare account and select a domain.
- Select SSL/TLS > Edge Certificates.
- Click a certificate.
- Click Delete Certificate.
Using the API
To delete a certificate, send a DELETE request to the Cloudflare API.
Restart validation
To restart validation for a certificate in a validation_timed_out
status, send a
PATCH request to the API.
Restrict cipher suites
Cipher suites are a combination of ciphers used to negotiate security settings during the SSL/TLS handshake (and therefore separate from the SSL/TLS protocol ).
For more details, refer to Disable cipher suites .
Perform domain control validation (DCV)
Before a Certificate Authority will issue a certificate for a domain, the requestor must prove they have control over that domain. This process is known as domain control validation (DCV).Normally, you only need to update DCV if you have your application on a partial setup (Cloudflare does not run your authoritative nameservers).
For more information about DCV, refer to DCV methods .