Crypto Settings

Getting-Started
Security

#1

This tutorial covers basic settings in the Crypto tab of the Cloudflare Dashboard, including SSL Mode [Off/Flexible/Full/Full (Strict)], Cloudflare Origin Certificates, ‘Always Use HTTPS’ and ‘Automatic HTTPS Rewrites’.

The settings covered here can all be found by visiting cloudflare.com, logging in, selecting the domain and choosing:
image

SSL Modes

image

Off

The connection between your visitor and Cloudflare and Cloudflare and your server do not use SSL and are not secure. Visitors can only view your site over HTTP.

Flexible

The connection between your visitor and Cloudflare is secured, but the connection between Cloudflare and your server is not. You will not need a certificate on your server for this mode. This option is NOT RECOMMENDED if you have any sensitive data processed through your site.

Full

The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to be configured to accept HTTPS connections and have a certificate (It does not need to be valid and is not verified)

Full (Strict)

The connection is secured between your visitor and Cloudflare and Cloudflare and your server. Your server will need to have a VALID certificate from a trusted authority installed to use this mode.

For both Full and Full (Strict), you can use a Cloudflare origin certificate – covered next.

Cloudflare Origin Certificates

image

A Cloudflare origin certificate can be installed on your server so you can use Full or Full (Strict) SSL Modes.

If you click ‘Create Certificate’, use the default options unless you wish to change them, and click ‘Next’, a certificate will be generated.

How you install this certificate will depend on your server / host. When you go through this process, Cloudflare will give you a list of support guides for different servers. If you have any problems installing it, you should contact your web host for guidance.

Always Use HTTPS

image

This setting will redirect visitors from the HTTP version of your site to the secure HTTPS version. This means that all visitors connections will be secured.

Automatic HTTPS Rewrites

image

This setting can help fixed mixed content issues. Although it may not be able to fix all these issues, I recommend turning it on if you experience mixed content issues.


Which type of ssl should I use?
How to set up Cloudflare 2
Setup Problems
Understanding SSL