I. Introduction
Many users have recently asked about SSL certificates, and a common complaint is that the free certificates offered by Aliyun, Tencent Cloud and similar platforms are valid for only 3 months and must be renewed frequently. This article therefore walks through the application process for the free 15-year SSL certificate provided by Cloudflare, which supports wildcard domain names and gives users another option.
II. Reasons for choosing Cloudflare's 15-year free SSL certificate
Compared with other free certificates that expire after 3 months, Cloudflare's 15-year certificate has distinctive features. Its advantages and disadvantages are analyzed below:
(i) Advantages
- It is completely free of charge and is valid for up to 15 years.
- Wildcard domain names are supported.
- Cloudflare's CDN service is available for free.
- Enhances site security by protecting the origin server's IP.
(ii) Areas requiring attention
- The domain DNS must be hosted on the Cloudflare platform.
- Domestic access speeds may be affected to some extent.
- Some features of some hosting providers may not be available.
III. Preparatory work
Before starting your application, make sure the following conditions are met:
- You have signed up for a Cloudflare account at https://www.cloudflare.com/.
- The domain name has been added to the Cloudflare account.
- The domain's DNS is hosted on the Cloudflare platform: at the registrar where the domain was purchased, change the name servers to Cloudflare's name servers, for example coco.ns.cloudflare.com and shane.ns.cloudflare.com.
- The right plan has been chosen; free users can scroll to the bottom of the page and select the FREE plan.
IV. Detailed application steps
(i) Login and enter the certificate application interface
Select the domain name that needs a certificate from the domain list, click "SSL/TLS" in the left menu bar, then open the "Origin Server" tab and click the "Create Certificate" button.
(ii) Configuration of certificate parameters
- Generate private key and CSR: you can let Cloudflare generate the private key and CSR, which is recommended for beginners. The private key type can be RSA or ECC.
- Configure the certificate's hostnames: enter the hostnames to be protected by SSL; wildcards are allowed (e.g. *.example.com). By default the list contains the root domain and its first-level wildcard. If you need other levels of the domain, such as one.two.example.com, add them here.
- Choose the validity period of the certificate: the default validity period is 15 years, which can be shortened according to requirements.
- Select the key format: PEM format for Apache/Nginx servers, PKCS#7 format for Windows/Tomcat servers.
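The hostname step above is where deeper names such as one.two.example.com get missed, because a wildcard stands for exactly one label. The following check is an added example, not Cloudflare's code: it applies the standard TLS wildcard rule (RFC 6125) to a list of certificate hostnames and reports which site hostnames still need their own entry. All function names and the sample hostnames are constructed for illustration.

```python
# Added example: which site hostnames does a certificate hostname list cover?
# Rule applied (RFC 6125): "*" replaces exactly one whole left-most label
# and never spans a dot. Partial wildcards such as "w*.example.com" are
# treated as literal names and therefore never match.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")

def covers(pattern, hostname):
    """True if one certificate entry (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Same number of labels is required; empty labels mean a malformed name.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards like "*.com"; then compare
        # everything to the right of the wildcard label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert_names, site_names):
    """Return the site hostnames that no certificate entry covers."""
    return [s for s in site_names
            if not any(covers(c, s) for c in cert_names)]

if __name__ == "__main__":
    # Constructed sample: the default entries plus the sites to be served.
    cert = ["example.com", "*.example.com"]
    sites = ["example.com", "www.example.com", "one.two.example.com"]
    for name in uncovered(cert, sites):
        print("not covered, add an entry for:", name)
```
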
(iii) Saving the certificate information
After clicking the Create button to generate the certificate, you need to copy and save the private key and certificate content to a safe location immediately. It is recommended to create two separate text files named "private.key" (private key file) and "certificate.pem" (certificate file).
⚠️ Special Note: You will not be able to view the private key again after leaving the certificate generation page, so be sure to save it.
V. Certificate deployment steps
(i) Installation of certificates to the server
Log in to the server control panel (such as 1Panel, etc.), find the certificate-related functions, select Upload Certificate, paste the private key and the certificate content respectively, and complete the certificate installation.
(ii) Configuration of CA root certificates (on demand)
If the server requires it, download and install the appropriate root certificate:
- ECC Version: Cloudflare Origin ECC PEM
- RSA Version: Cloudflare Origin RSA PEM
Note: Apache cPanel users should not use the ECC version.
(iii) Cloudflare panel configuration
Return to the SSL/TLS Settings page, turn on the "Authenticated Origin Pulls" option, then switch to the "Overview" tab and select the appropriate encryption mode, either "Full (Strict)" or "Full (SSL Origin Pulls Only)".