Enable Total TLS
To enable Total TLS - which issues individual certificates for your proxied hostnames - follow these instructions:
To enable Total TLS in the dashboard:
- Log into the Cloudflare dashboard .
- Choose your account and domain.
- Go to SSL/TLS > Edge Certificates.
- For Total TLS, switch the toggle to On and - if desired - choose an issuing Certificate Authority.
To enable Total TLS with the API, send a
PATCH request with the enabled parameter set to your desired setting (true or false).
You can also specify a desired certificate authority by adding a value to the certificate_authority parameter.
Aspects to consider
-
If you select a preferred certificate authority, you cannot change your certificate authority without first disabling Total TLS.
- Total TLS certificates follow the Common Name (CN) restriction of 64 characters. If you have a hostname that exceeds this length, you can manually create an Advanced Certificate to cover it.