Generate Certificate in Cloudflare
Learning Focus
By the end of this lesson you will know how to generate a Cloudflare Origin CA certificate from the dashboard.
Steps
- Log in to the Cloudflare Dashboard → SSL/TLS → Origin Server
- Click Create Certificate
- Select Key type: RSA (2048) or ECDSA
- Hostnames: Enter `example.com` and `*.example.com`
- Certificate validity: 15 years (recommended for origin-only certs)
- Click Create
Cloudflare displays:
- Origin Certificate (public key) — copy this
- Private Key — copy this (shown only once)
Warning: Copy the private key immediately. Cloudflare will not show it again. If you lose it, you must generate a new certificate.
What You Get
| Item | Use |
|---|---|
| Origin Certificate | Install on your server's SSL listener |
| Private Key | Pairs with the certificate — keep secret |
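Because the private key is shown only once, it is worth confirming the saved copy while the dialog is still open. The following is an added example, not part of the original lesson or Cloudflare's tooling: a shell function that checks that the saved key matches the certificate (RSA or ECDSA) and that the key file is readable by its owner only. The function names and file paths are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a saved Origin CA certificate and private key.
# Function names and file paths are assumptions, not Cloudflare tooling.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 = pair is good, 1 = key does not match certificate,
#         2 = a file could not be parsed, 3 = key file permissions too open.
check_origin_pair() {
  cert=$1
  key=$2

  # Extract the public key from each file. Checking the exit status matters:
  # two failed extractions would otherwise compare equal as empty strings.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
    echo "cannot parse certificate: $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "cannot parse private key: $key" >&2; return 2; }

  # Works for both RSA and ECDSA keys: the PEM public keys must be identical.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not belong to this certificate" >&2
    return 1
  fi

  # The key should be readable by its owner only.
  mode=$(file_mode "$key")
  case "$mode" in
    600|400) ;;
    *) echo "private key mode is $mode, expected 600 or 400" >&2; return 3 ;;
  esac

  # Show expiry and hostnames for a visual check (-ext needs OpenSSL 1.1.1+).
  openssl x509 -in "$cert" -noout -enddate -ext subjectAltName 2>/dev/null || true
  return 0
}

# Run directly as: ./check_pair.sh origin.pem origin.key
if [ "$#" -eq 2 ]; then
  check_origin_pair "$1" "$2"
fi
```

A return code of 1 or 2 means the copy was incomplete or the wrong files were paired, and the certificate must be regenerated if the dialog has already been closed.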
Key Takeaways
- Cloudflare Origin CA certs are free and last up to 15 years.
- They are only trusted by Cloudflare — not by browsers directly.
- Copy the private key immediately — it is shown only once.
What's Next
- Continue to Download Certificate and Private Key for saving the files.