Certificate management

Good afternoon,

Regarding my SSL certificate, I can bring one on the Business plan, correct? What is the value to add another certificate?

What about the Pro plan, talking to the customer manager, can I bring my SSL certificate?

Hi @user6469,

You need to make sure you have a certificate on your server regardless of your plan.

In terms of edge certificates, all plans come with the Universal Certificate which covers example.com and *.example.com, so the root domain and any one-level subdomains. This can be issued by either Let’s Encrypt or Digicert.

You also have the option of the Advanced Certificate Manager add-on. This lets you add additional hostnames and further customise the certificates issued. See https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager.

Custom certificates are only available on the Business and Enterprise plans and allow you to upload your own certificate, there isn’t a lot of additional value and many people choose to stick with the universal cert, you may want to use ot to cover additional hostnames rather than purchasing ACM if you need that. See https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates.

1 Like

Hi @domjh

Considering that I have the Business plan, and I have my own certificate, what is the value to bring one more additional certificate?

Thanks for the help

There are a few situations where a Custom certificate is needed or desirable, such as the following:

  • Certificate Pinning
  • OCSP Must-Staple
  • Legacy Devices requiring particular CA

No value. Unless you have a particular requirement that is not met by the Universal or ACM certificates, don’t use a Custom Certificate. Just ensure you continue to install your own cert on your own server.

As he said, there really isn’t one. Personally, I find it more of a hassle since I’d have to keep it up to date here. The only real advantage would be if you need deeper subdomains, as the Universal SSL certificates only cover example.com and *.example.com. Not *.sub.example.com.