Certificate Authority

How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change

04/12/2024

Let’s Encrypt’s cross-signed chain will be expiring in September. This will affect legacy devices with outdated trust stores (Android versions 7.1.1 or older). To prevent this change from impacting customers, Cloudflare will shift Let’s Encrypt certificates upon renewal to use a different CA...

Dina Kozlov

How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change

A tour through Merkle Town, Cloudflare's Certificate Transparency dashboard

03/24/2018

SSL TLS HTTPS Security Dashboard Certificate Authority

The success of Certificate Transparency rests on the existence of a robust ecosystem of logs and log operators. Without logs that CAs can depend on, it’s not practical for browsers to require that SSL certificates have been logged to be trusted—as Chrome plans to do on April 30....

Patrick R. Donahue

Introducing Certificate Transparency and Nimbus

03/23/2018

Certificate Authority Security HTTPS SSL Research Cryptography

Certificate Transparency (CT) is an ambitious project to help improve security online by bringing accountability to the system that protects HTTPS. Cloudflare is announcing support for this project by introducing two new public-good services....

Nick Sullivan

CAA of the Wild: Supporting a New Standard

12/07/2017

Product News SSL DNS Security TLS 1.3 TLS Reliability Universal SSL Certificate Authority

One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3....

Max Nystrom

How to make your site HTTPS-only

07/06/2017

HTTPS SSL Automatic HTTPS Certificate Authority HTTP2 Security Cryptography

The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services....

Nick Sullivan

May 10, 2016 3:21 PM

How we built Origin CA: Web Crypto

At CloudFlare we strive to combine features that are simple, secure, and backed by solid technology. The Origin CA is a great example of this. You no longer need to go to a third-party certificate authority to protect the connection between CloudFlare and your origin server....

Nick Sullivan

Certificate Authority

, JavaScript

, API

, Security

, Cryptography

December 22, 2015 4:43 PM

Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision

It’s well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen....

Nick Sullivan

Certificate Authority

, Reliability

, Programming

, RSA

June 24, 2015 1:57 PM

How to build your own public key infrastructure

A major part of securing a network as geographically diverse as CloudFlare’s is protecting data as it travels between datacenters. Customer data and logs are important to protect but so is all the control data that our applications use to communicate with each other. ...

Nick Sullivan

TLS

, HTTPS

, Encryption

, Certificate Authority

, SSL

February 24, 2015 8:15 PM

Universal SSL: Encryption all the way to the origin, for free

Last September, CloudFlare unveiled Universal SSL, enabling HTTPS support for all sites by default. All sites using CloudFlare now support strong cryptography from the browser to CloudFlare’s servers....