Request help about CloudFlare MTLS

Using your devices as the key to your apps (

I read this blog but I can not find the options to “Mutual TLS Root Certificates”, If this function is removed
Sam Rhea should add a tips on this blog article.

I plan to generate a Certificates for each mobile client, and revoke it when client unregistered. The SSL Client Certificates page provide no method to implement this.

I also read this API Shield™ · Cloudflare Firewall Rules docs

Blockquote If you need to use certificates issued by another CA, use Cloudflare AccessOpen external link to upload your own CA.

Again, I can not find where to upload CA.

Is there a API to generate/revoke client certificates at request ? (I think I maybe generate 10000 certificates if I get my website bigger)

Hi @calvin2021y,

Do you have an Enterprise plan?

That blog post says:

Please reach out. Today, the mTLS feature in Access is only available to Enterprise plans. Are you on a self-serve plan and working on a project where you want to use mTLS? IoT, service-to-service, corporate security included. If so, please reach out to me at [email protected] and let’s chat.

1 Like

I am use free plan, and I am not use mTLS with access.
cloudflare mTLS is for all plan subscription.

The original post is a bit confusing because the first half of the post refers to the mTLS feature in Cloudflare Access, and the another half refers to the API Shield - Mutual TLS feature in Firewall Rules.

Both have different ways to configure so please don’t get confused.

What @domjh said is true: mTLS feature in Cloudflare Access is an Enterprise feature. But what you mentioned is also true: the Mutual TLS feature in Firewall Rules (API Shield) is available in all plans.

The current issue is you are trying to implement API Shield - Mutual TLS feature by following the blog post which actually describes how to implement mTLS feature in Cloudflare Access.

So, if you want to use API Shield, please just ignore the steps described in the blog post as it does not apply to API Shield - Mutual TLS. Instead, just follow the steps in the API Shield documentation:

Regarding this:

I’m not really sure whether Cloudflare is enforcing a limit for this.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.