Cloudflare launched Universal SSL in September 2014 in order to streamline the process of securing a website or application with SSL by simply requiring that customers sign up with Cloudflare. Universal SSL batches recently signed-up domains together and sends a joint request to a Certificate Authority, which in turn, sends back a shared certificate for all the batched domains.
In response to customer requests for personalization, non-sharing, and control over their domain certificates, Cloudflare has unveiled Dedicated SSL Certificates and Dedicated Certificates with Custom Hostnames. These enable customers to control when certificates are issued, the breadth of subdomains they protect, which SSL/TLS versions and encryption options are supported, and whether other hostnames (such as Cloudflare’s) appear on the certificates. The certificates are issued on-demand with private keys generated exclusively for customer domains. Cloudflare’s dedicated SSLs also come with added encryption features like TLS 1.3, Automatic HTTPS Rewrites, and Opportunistic Encryption.
Dedicated certificates have all the features of Universal SSL certificates, including automated renewal and rapid revocation/reissuance to address security vulnerabilities. They also enable granular control of HTTPS settings, whether the issue is Modern TLS requirements or selectively enabling new features such as Automatic HTTPS Rewrites. Dedicated SSL also frees customers from the need to manage and monitor their custom certificates to ensure that they are renewed and re-installed consistently, not to mention the need to generate and store private keys and craft certificate signing requests.
The Dedicated SSL service is $5 per month, whereas the Dedicated Certificate with Custom Hostnames is $10 per month.
Dedicated certificates can be isolated from other Cloudflare customers’ zones, which is helpful for agencies, SaaS providers, and other enterprises who serve competing firms. It also allows customers to brand their certificates with their domain names specifically, with room for up to 50 total hostnames or wildcards, if they use Dedicated Certificates with Custom Hostnames. Customers can also control how frequently their certificates are reissued.
In addition, Cloudflare has announced that enterprise customers seeking to deploy SSL in China will soon have the option of designating a specific SSL certificate to be used exclusively there, so that they are not using the private key that secures their traffic elsewhere in China as well.