Enable Total TLS
To enable Total TLS - which issues individual certificates for your proxied hostnames - follow these instructions:
To enable Total TLS in the dashboard:
- Log into the Cloudflare dashboard.
- Choose your account and domain.
- Go to SSL/TLS > Edge Certificates.
- For Total TLS, switch the toggle to On and - if desired - choose an issuing Certificate Authority.
To enable Total TLS with the API, send a
PATCH
request with the enabled
parameter set to your desired setting (true
or false
).
You can also specify a desired certificate authority by adding a value to the certificate_authority
parameter.
Aspects to consider
-
If you select a preferred certificate authority, you cannot change your certificate authority without first disabling Total TLS.
-
Total TLS certificates follow the Common Name (CN) restriction of 64 characters. If you have a hostname that exceeds this length, you can manually create an Advanced Certificate to cover it.