Cloudflare Origin Certificate
Learning Focus
By the end of this lesson you will understand why Cloudflare Origin CA certs are the easiest option for Full (Strict).
What It Is
A Cloudflare Origin CA certificate is a free SSL certificate issued by Cloudflare's own certificate authority. It is trusted only by Cloudflare — not by browsers directly.
Why Use It
| Advantage | Detail |
|---|---|
| Free | No cost |
| Long-lived | Up to 15 years validity |
| No renewal needed | Eliminates renewal automation complexity |
| Trusted by Cloudflare | Works with Full (Strict) mode |
| Quick to generate | Available directly from the dashboard |
Limitations
- Not trusted by browsers for direct access (only works behind Cloudflare proxy)
- Requires Cloudflare proxy to be enabled (orange cloud) on DNS records
- Does not work for non-proxied services
Key Takeaways
- Cloudflare Origin CA is the simplest path to Full (Strict) SSL.
- It is free, long-lived, and eliminates renewal automation.
- Only works when traffic is proxied through Cloudflare.
What's Next
- Continue to Custom Certificate for alternatives using external CAs.