Securing Your Website with Cloudflare SSL/TLS Encryption

Overview

Cloudflare’s SSL/TLS encryption secures the data traveling between your website and its visitors. By encrypting this communication, you protect sensitive information from being intercepted and build user trust through the secure “padlock” icon in web browsers.

You can choose between several encryption modes—ranging from Flexible to Full (Strict)—depending on whether you have an existing SSL certificate on your hosting server.

Step-by-Step: Configuring SSL/TLS Settings

1. Select Your Encryption Mode

  1. Log in to your Client Area account.
  2. Navigate to Cloud Services > My Products & Services and select your Cloudflare service.
  3. Click the SSL/TLS tab in the left-hand sidebar and select Overview.
  4. Choose one of the following modes:
    • Off: No encryption is active. Your site remains on insecure HTTP (not recommended).
    • Flexible: Encrypts traffic from the visitor to Cloudflare only. Traffic from Cloudflare to your origin is unencrypted.
    • Full: Encrypts end-to-end but does not verify the certificate on your origin server (allows self-signed certificates).
    • Full (Strict): Most Secure. Encrypts end-to-end and requires a valid, CA-signed certificate on your origin server.
  5. Click Save Changes to apply the new mode.

2. Manage Origin Server Settings

To maximize security between Cloudflare and your web server, use the Origin Server submenu.

  1. Navigate to SSL/TLS > Origin Server in the sidebar.
  2. Click Create Certificate to generate a free Cloudflare-signed certificate to install on your origin server, enabling Full (Strict) mode.
  3. Toggle Authenticated Origin Pulls to On to require your origin server to verify that every request is genuinely coming from the Cloudflare network.

Enabling Authenticated Origin Pulls requires you to also configure your web server (e.g., Nginx or Apache) to request and verify the Cloudflare client certificate.
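
For Nginx, the origin-side configuration could look like the following. This is an added example, not part of the original article; the hostname, web root and all file paths are placeholders, and the CA file is assumed to be the Cloudflare origin-pull CA certificate saved to the server.

```nginx
# Added example: origin server block for Full (Strict) with Authenticated Origin Pulls.
# Hostname, web root and file paths are placeholders (assumptions), not values from the article.
server {
    listen 443 ssl;
    server_name example.com;

    # Certificate generated with Create Certificate under SSL/TLS > Origin Server,
    # plus its private key. This is what Cloudflare validates in Full (Strict) mode.
    ssl_certificate     /etc/nginx/ssl/origin-cert.pem;
    ssl_certificate_key /etc/nginx/ssl/origin-key.pem;

    # Authenticated Origin Pulls: request a client certificate on every TLS
    # connection and verify it against the CA that issued Cloudflare's
    # origin-pull client certificate.
    ssl_client_certificate /etc/nginx/ssl/cloudflare-origin-pull-ca.pem;

    # "on" rejects requests that do not present a certificate chaining to the CA above.
    # The Nginx default is "off", which serves any client that can reach the
    # origin IP directly, even with the Cloudflare toggle enabled.
    ssl_verify_client on;

    location / {
        root /var/www/html;
    }
}
```

Validate the file with nginx -t before reloading. Enable the toggle in the dashboard before setting ssl_verify_client to on, because proxied requests that arrive without the Cloudflare client certificate will be rejected by the origin.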

3. Configure Edge Certificates

  1. Select SSL/TLS > Edge Certificates from the sidebar.
  2. Toggle “Always Use HTTPS” to On to automatically redirect all insecure http:// requests to secure https://.
  3. Enable “Automatic HTTPS Rewrites” to fix “mixed content” errors by changing internal website links from http to https on the fly.
  4. Set the “Minimum TLS Version” (e.g., TLS 1.2) to prevent visitors using outdated, insecure protocols from connecting to your site.
Updated on February 23, 2026