Use Cloudflare public key infrastructure (PKI) to create client certificates, or [bring your own CA for mTLS](/ssl/client-certificates/byo-ca/).
13
+
Use Cloudflare's public key infrastructure (PKI) to create client certificates, or [bring your own CA for mTLS](/ssl/client-certificates/byo-ca/).
14
14
15
15
<GlossaryDefinitionterm="mTLS (mutual TLS)" />
16
16
17
17
:::note[mTLS at Cloudflare]
18
18
For a broader overview of mTLS at Cloudflare refer to [learning paths](/learning-paths/mtls/concepts/).
19
19
:::
20
20
21
+
---
22
+
21
23
## Scope
22
24
23
25
Cloudflare validates client certificates with one CA, set at account level. This means that these certificates can be used for validation across multiple zones/domains (`example.com`), as long as the zones are under the same Cloudflare account and mTLS has been enabled for the requested hosts (`host.example.com`).
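Review bot: The Scope paragraph at the end of this hunk is left untouched, and its "zones/domains (`example.com`)" phrasing buries the point a reader most needs: a client certificate issued by the account-level CA validates on any mTLS-enabled host under the same account, not just on one zone. Since this commit is already tidying wording in the intro, consider giving that consequence its own sentence. Separately, the added `---` directly above `## Scope` repeats the separation the heading already provides; keep it only if sibling pages in this section use the same rule.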
@@ -27,11 +29,19 @@ The account-level CA can be either:
27
29
- The Cloudflare-managed CA: This is the default option. Certificates and hostname associations are listed on your [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
28
30
- A [BYOCA](/ssl/client-certificates/byo-ca/) certificate: This is an API-only option, available on Enterprise accounts. Certificates and hostnames associations are **not** listed on your [dashboard](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates/).
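Review bot: In the BYOCA bullet, "Certificates and hostnames associations" should read "hostname associations" to match the Cloudflare-managed CA bullet just above it. Because this bullet says those associations are **not** listed on the dashboard, it would also help to point to where they can be listed instead (the bullet already says the option is API-only), so an operator can audit which hosts actually enforce mTLS. The hunk header reports eight added lines that are not visible here, so this comment covers only the two bullets shown.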