askvity

How to Set Up SSL on Cloudflare?


Setting up SSL on Cloudflare involves a few key steps to ensure secure HTTPS connections for your website. Here's a breakdown:

Prerequisites

Before you begin, you'll need to:

  • Create a Cloudflare account and register your application/website. This involves adding your site to Cloudflare and updating your domain's nameservers to point to Cloudflare.

Steps to Set Up SSL

  1. Choose an Edge Certificate:

    • Cloudflare offers various SSL/TLS certificate options for the edge (Cloudflare's servers). You can choose the one that best fits your needs.
    • Consider options like:
      • Cloudflare-issued certificates.
      • Your own custom certificate, uploaded to Cloudflare.
  2. Choose Your Encryption Mode:

    • This setting determines how Cloudflare connects to your origin server (your web server). Here are the common options:
      • Off: Not recommended. Traffic between the visitor and Cloudflare, and between Cloudflare and your origin server, is unencrypted (HTTP).
      • Flexible: Cloudflare encrypts the traffic between the visitor and Cloudflare, but the traffic between Cloudflare and your origin server is unencrypted (HTTP). Useful if you don't have an SSL certificate installed on your origin server, but it poses security risks.
      • Full: Cloudflare encrypts the traffic between the visitor and Cloudflare, and Cloudflare requires an SSL certificate on your origin server. The certificate can be self-signed.
      • Full (Strict): Cloudflare encrypts the traffic between the visitor and Cloudflare, and Cloudflare requires a valid SSL certificate (signed by a trusted CA) on your origin server. This is the most secure option.
    • Recommendation: Use "Full (Strict)" for the best security. If you can't do that initially, "Full" is a better alternative than "Flexible."
  3. Enforce HTTPS Connections:

    • Once you have your encryption mode set up, you'll want to ensure all visitors are automatically redirected to the HTTPS version of your site.
    • Enable the "Always Use HTTPS" feature in Cloudflare. This will create a redirect rule that automatically redirects HTTP requests to HTTPS.
  4. Optional - Enable Additional Features:

    • HSTS (HTTP Strict Transport Security): Enabling HSTS instructs browsers to always access your site over HTTPS. This further enhances security.
    • Opportunistic Encryption: Allows browsers to use HTTP/2 even if they initially access the site over HTTP.
    • TLS 1.3: Make sure TLS 1.3 is enabled for the fastest and most secure encryption.
    • Automatic HTTPS Rewrites: Cloudflare can automatically rewrite HTTP links on your website to HTTPS, ensuring all resources are loaded securely.
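
To confirm that a zone actually ended up with the settings from steps 2 to 4, the check below audits an exported settings list. It is an added example, not code from Cloudflare or from this article: the setting ids follow Cloudflare's zone settings API, the sample data is constructed, and the function name audit_zone_settings is hypothetical.

```python
import json

# Constructed sample shaped like the "result" array of Cloudflare's
# GET /zones/{zone_id}/settings response; the values are made up.
SAMPLE_SETTINGS = json.loads("""
[
  {"id": "ssl", "value": "flexible"},
  {"id": "always_use_https", "value": "off"},
  {"id": "tls_1_3", "value": "on"},
  {"id": "automatic_https_rewrites", "value": "on"},
  {"id": "security_header", "value": {"strict_transport_security": {"enabled": false, "max_age": 0}}}
]
""")

# Encryption modes ranked from weakest to strongest, as listed in step 2.
MODE_RANK = {"off": 0, "flexible": 1, "full": 2, "strict": 3}


def audit_zone_settings(settings):
    """Return (setting_id, finding) pairs for settings weaker than the steps above recommend."""
    by_id = {s["id"]: s.get("value") for s in settings}
    findings = []

    mode = by_id.get("ssl")
    if mode not in MODE_RANK:
        findings.append(("ssl", f"unknown or missing encryption mode: {mode!r}"))
    elif MODE_RANK[mode] < MODE_RANK["full"]:
        findings.append(("ssl", f"mode '{mode}' sends origin traffic over plain HTTP"))
    elif mode == "full":
        findings.append(("ssl", "mode 'full' accepts a self-signed origin certificate; prefer strict"))

    for setting_id in ("always_use_https", "tls_1_3", "automatic_https_rewrites"):
        value = by_id.get(setting_id)
        # tls_1_3 may also report "zrt" (on, with 0-RTT); anything but off counts as enabled.
        if value in (None, "off"):
            findings.append((setting_id, "not enabled"))

    hsts = (by_id.get("security_header") or {}).get("strict_transport_security", {})
    if not hsts.get("enabled"):
        findings.append(("security_header", "HSTS is not enabled"))
    return findings


if __name__ == "__main__":
    for setting_id, finding in audit_zone_settings(SAMPLE_SETTINGS):
        print(f"{setting_id}: {finding}")
```

An empty result means the zone matches the recommendations above; HSTS is listed as optional in step 4, so treat that finding as advisory.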

By following these steps, you can effectively set up and configure SSL on Cloudflare, securing your website and protecting your users' data.
