Issue new certificates
Once you have set up your SSL for SaaS application , you can start issuing new certificates for your customers.
For each custom hostname certificate you request, Cloudflare issues two certificates that are bundled in chains that maximize browser compatibility (unless you upload custom certificates ). The primary certificate uses a P-256 key, is SHA-2/ECDSA signed, and will be presented to browsers that support elliptic curve cryptography (ECC). The secondary or fallback certificate uses an RSA 2048-bit key, is SHA-2/RSA signed, and will be presented to browsers that do not support ECC.
Once issued, certificates are valid for 1 year and renew automatically 30 days before expiration. Renewals require no action from you or your customer.
Via the dashboard
- Log into the Cloudflare dashboard and select your account.
- Select your SSL for SaaS application.
- Navigate to SSL/TLS > Custom Hostnames.
- Click Add Custom Hostname.
- Add your customer’s hostname
app.customer.comand set the relevant options, including:- Choosing the Validation method .
- Whether you want to Enable wildcard, which adds a
*.<custom-hostname>SAN to the custom hostname certificate. For more details, refer to Hostname priority . - Choosing a value for Custom origin server .
- Click Add Custom Hostname.
Via the API
To create a custom hostname using the API, use a
POST command on the /zone/:zone_id/custom_hostnames endpoint.
The response contains the complete definition of the new custom hostname.