cloudflare · RebeccaTamachiro · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025
@@ -9,7 +9,7 @@ description: Cloudflare mTLS now supports client certificates that have not been
   Cloudflare mTLS.
 ---
 
-import { Render, APIRequest, Tabs, TabItem } from "~/components";
+import { APIRequest, Render, TabItem, Tabs, DashButton } from "~/components";
 
 This page explains how you can manage client certificates that have not been issued by Cloudflare CA. For a broader overview, refer to the [mTLS at Cloudflare learning path](/learning-paths/mtls/concepts/).
 
@@ -85,11 +85,13 @@ If you wish to remove the association from the Cloudflare-managed certificate an
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
-2. Go to **SSL/TLS** > **Client Certificates**.
-3. On the **Hosts** section of the **Client Certificates** card, select **Edit**.
-4. Select the cross next to the hostname you want to remove. The list of hostname associations will be updated.
-5. Select **Save** to confirm.
+1. In the Cloudflare dashboard, go to the **Client Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/client-certificates" />
+
+2. On the **Hosts** section of the **Client Certificates** card, select **Edit**.
+3. Select the cross next to the hostname you want to remove. The list of hostname associations will be updated.
+4. Select **Save** to confirm.
 
 </TabItem> <TabItem label="API">
 

@@ -6,13 +6,15 @@ sidebar:
 
 ---
 
-import { Details } from "~/components";
+import { Details, DashButton } from "~/components";
 
 To create a client certificate on the Cloudflare dashboard:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and zone/domain.
-2. Go to **SSL/TLS** > **Client Certificates**.
-3. Select **Create Certificate** and fill in the required fields. You can choose one of the following options:
+1. In the Cloudflare dashboard, go to the **Client Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/client-certificates" />
+
+2. Select **Create Certificate** and fill in the required fields. You can choose one of the following options:
 
   - Generate a private key and Certificate Signing Request (CSR) with Cloudflare.
   - Use your own private key and CSR. This option allows you to also [label client certificates](/ssl/client-certificates/label-client-certificate/).

@@ -6,20 +6,22 @@ sidebar:
 
 ---
 
-import { Render } from "~/components"
+import { Render, DashButton } from "~/components"
 
 You can enable mutual Transport Layer Security (mTLS) for any hostname.
 
 To enable mTLS for a host from the Cloudflare dashboard:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and domain.
-2. Go to **SSL/TLS** > **Client Certificates**.
-3. On the **Hosts** section of the **Client Certificates** card, select **Edit**.
-4. Enter the name of a host in your current domain.
+1. In the Cloudflare dashboard, go to the **Client Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/client-certificates" />
+
+2. On the **Hosts** section of the **Client Certificates** card, select **Edit**.
+3. Enter the name of a host in your current domain.
 :::note
 The domain (`example.com`) is automatically appended for you. This means that, if you want to enable mTLS for `abc.example.com`, you only need to type `abc`.
 :::
-5. Select **Save** to confirm.
+4. Select **Save** to confirm.
 
 ## CAs in use
 

@@ -6,16 +6,20 @@ sidebar:
 
 ---
 
+import { DashButton } from "~/components";
+
 You can revoke a client certificate you previously generated with the default [Cloudflare Managed CA](/ssl/client-certificates/).
 
-It is not possible to permanently delete client certificates generated with the default Cloudflare Managed CA. Once revoked, these client certificates will still be listed in **SSL/TLS > Client Certificates**, and can be restored at any time.
+It is not possible to permanently delete client certificates generated with the default Cloudflare Managed CA. Once revoked, these client certificates will still be listed on the [**Client Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/client-certificates) page, and can be restored at any time.
 
 ## Steps
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and application.
-2. Go to **SSL** > **Client Certificates**.
-3. Select the certificate you want to revoke.
-4. Select **Revoke** and confirm the operation.
+1. In the Cloudflare dashboard, go to the **Client Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/client-certificates" />
+
+2. Select the certificate you want to revoke.
+3. Select **Revoke** and confirm the operation.
 
 :::caution[Important]
 

@@ -9,6 +9,8 @@ head:
     content: Troubleshooting client certificates
 ---
 
+import { DashButton } from "~/components";
+
 If your query returns an error even after configuring and embedding a client SSL certificate, check the following settings.
 
 ---
@@ -33,9 +35,11 @@ Check whether [mTLS has been enabled](/ssl/client-certificates/enable-mtls/) for
 
 ## Review mTLS rules
 
-To review mTLS rules:
+To review mTLS rules, consider the steps below. For further guidance refer to [Custom rules](/waf/custom-rules/create-dashboard/).
+
+1. In the Cloudflare dashboard, go to the **Security rules** page.
 
-1. Select **Security** > **WAF** > **Custom rules**.
+   <DashButton url="/?to=/:account/:zone/security/security-rules" />
 
 2. On a specific rule, select **Edit**.
 
@@ -48,4 +52,4 @@ To review mTLS rules:
      (http.host in {"api.trackers.ninja"} and not cf.tls_client_auth.cert_verified)
      ```
 
-4. To edit the rule, either use the user interface or select **Edit expression**.
+4. To edit the rule, either use the user interface or select **Edit expression**.
@@ -8,7 +8,7 @@ sidebar:
   order: 15
 ---
 
-import { FeatureTable, TabItem, Tabs } from "~/components";
+import { FeatureTable, TabItem, Tabs, DashButton } from "~/components";
 
 Always Use HTTPS redirects all your visitor requests from `http` to `https`, for all subdomains and hosts in your application.
 
@@ -36,10 +36,13 @@ If only some parts of your application can support HTTPS traffic, do not enable
 
 To enable **Always Use HTTPS** in the dashboard:
 
-1. Log in to your [Cloudflare account](https://dash.cloudflare.com) and go to a specific domain.
-2. In **SSL/TLS** > **Overview**, make sure that your [SSL/TLS encryption mode](/ssl/origin-configuration/ssl-modes/off/) **is not** set to **Off**. When you set your encryption mode to **Off**, the **Always Use HTTPS** option will not be visible in your Cloudflare dashboard.
-3. Go to **SSL/TLS** > **Edge Certificates**.
-4. For **Always Use HTTPS**, switch the toggle to **On**.
+1. In the Cloudflare dashboard, go to the **SSL/TLS Overview** page for the respective application.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls" />
+
+2. Make sure that your [SSL/TLS encryption mode](/ssl/origin-configuration/ssl-modes/off/) is not set to **Off**. When you set your encryption mode to **Off**, the **Always Use HTTPS** option will not be visible in your Cloudflare dashboard.
+3. Go to the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page.
+4. Turn on **Always Use HTTPS**.
 
 </TabItem> <TabItem label="API">
 

@@ -5,7 +5,7 @@ sidebar:
   order: 14
 ---
 
-import { FeatureTable, Render, TabItem, Tabs } from "~/components";
+import { FeatureTable, Render, TabItem, Tabs, DashButton } from "~/components";
 
 Automatic HTTPS Rewrites prevents end users from seeing "mixed content" errors by rewriting URLs from `http` to `https` for resources or links on your web site that can be served with HTTPS.
 
@@ -31,9 +31,11 @@ For security reasons, this feature will run on URLs pointing to `localhost` if t
 
 To enable **Automatic HTTPS Rewrites** in the dashboard:
 
-1. Log in to your [Cloudflare account](https://dash.cloudflare.com) and go to a specific domain.
-2. Go to **SSL/TLS** > **Edge Certificates**.
-3. For **Automatic HTTPS Rewrites**, switch the toggle to **On**.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For **Automatic HTTPS Rewrites**, switch the toggle to **On**.
 
 </TabItem> <TabItem label="API">
 

@@ -5,7 +5,7 @@ sidebar:
   order: 11
 ---
 
-import { FeatureTable, Render } from "~/components";
+import { FeatureTable, Render, DashButton } from "~/components";
 
 <Render file="csr-definition" product="ssl" />
 
@@ -24,19 +24,20 @@ You can create two types of CSRs:
 
 To create a CSR:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account and an application.
-2. Go to **SSL/TLS** > **Edge Certificates**.
-3. On **Certificate Signing Request (CSR)**, select **Generate**.
-4. Choose a **Scope** (only [certain customers](#types-of-csrs) can choose **Account**).
-5. Enter relevant information on the form and select **Create**.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. On **Certificate Signing Request (CSR)**, select **Generate**.
+3. Choose a **Scope** (only [certain customers](#types-of-csrs) can choose **Account**).
+4. Enter relevant information on the form and select **Create**.
 
 To use a CSR:
 
-1. Go to **SSL/TLS** > **Edge Certificates**.
-2. On **Certificate Signing Request (CSR)**, select the record you just created.
-3. Copy (or select **Click to copy**) the value for **Certificate Signing Request**.
-4. Obtain a certificate from the Certificate Authority (CA) of your choice using your CSR.
-5. When you [upload the custom certificate](/ssl/edge-certificates/custom-certificates/uploading/) to Cloudflare, select an **Encoding mode** of **Certificate Signing Request (CSR)** and enter the associated value.
+1. On the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page, select the CSR record you just created under **Certificate Signing Request (CSR)**.
+2. Copy (or select **Click to copy**) the value for **Certificate Signing Request**.
+3. Obtain a certificate from the Certificate Authority (CA) of your choice using your CSR.
+4. When you [upload the custom certificate](/ssl/edge-certificates/custom-certificates/uploading/) to Cloudflare, select an **Encoding mode** of **Certificate Signing Request (CSR)** and enter the associated value.
 
    :::note
    You will not see the option to adjust your **Encoding Mode** until after you have created a CSR associated with the specific zone or your account.

@@ -36,7 +36,7 @@ CT Monitoring alerts are triggered not only by Cloudflare processes - including
 
 ## Opt in and out
 
-Alerts are turned off by default. If you want to receive alerts, go to [**SSL/TLS** > **Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates#ct-alerting-card) and enable **Certificate Transparency Monitoring**. If you are in a Business or Enterprise zone, select **Add Email**.
+Alerts are turned off by default. If you want to receive alerts, go to the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates#ct-alerting-card) page and enable **Certificate Transparency Monitoring**. If you are in a Business or Enterprise zone, select **Add Email**.
 
 To stop receiving alerts, disable **Certificate Transparency Monitoring** or remove your email from the feature card.
 

@@ -22,7 +22,7 @@ Note that:
 - Updating the cipher suites will result in certificates being redeployed.
 - Cipher suites are used in combination with other [SSL/TLS settings](/ssl/edge-certificates/additional-options/cipher-suites/#related-ssltls-settings).
 - You cannot set specific TLS 1.3 ciphers. Instead, you can [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) for your entire zone and Cloudflare will use all applicable [TLS 1.3 cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/supported-cipher-suites/).
-- Each cipher suite also supports a specific algorithm (RSA or ECDSA) so you should consider the algorithms in use by your edge certificates when making your ciphers selection. You can find this information under each certificate listed in [**SSL/TLS** > **Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates).
+- Each cipher suite also supports a specific algorithm (RSA or ECDSA) so you should consider the algorithms in use by your edge certificates when making your ciphers selection. You can find this information under each certificate listed on the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page.
 - It is not possible to configure minimum TLS version nor cipher suites for [Cloudflare Pages](/pages/) hostnames.
 - If you use Windows you might need to adjust the `curl` syntax, refer to [Making API calls on Windows](/fundamentals/api/how-to/make-api-calls/#making-api-calls-on-windows) for further guidance.
 

@@ -6,7 +6,7 @@ sidebar:
   label: Use the dashboard
 ---
 
-import { Render, Details } from "~/components";
+import { Render, Details, DashButton } from "~/components";
 
 <Render file="cipher-suites-definition" product="ssl" />
 
@@ -28,20 +28,22 @@ For any of the modes, you should keep in mind the following configuration condit
 	* Each cipher suite also supports a specific algorithm (RSA or ECDSA), so you
 	should consider the algorithms in use by your edge certificates when making
 	your ciphers selection. You can find this information under each certificate
-	listed in [**SSL/TLS** > **Edge
-	Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates).
+	listed on the [**Edge
+	Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page.
 	* It is not possible to configure minimum TLS version nor cipher suites for
 	[Cloudflare Pages](/pages/) hostnames.
 </Details>
 
 ## Steps
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account and domain.
-2. Go to **SSL/TLS** > **Edge Certificates**.
-3. For the **Cipher suites** setting select **Configure**.
-4. Choose a mode to select your cipher suites and select **Next**.
-5. Select a predefined set of cipher suites or, if you opted for **Custom**, specify which cipher suites you want to allow. Make sure you are aware of how your selection will interact with Minimum TLS version, TLS 1.3, and the certificate algorithm (ECDSA or RSA).
-6. Select **Save** to confirm.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For the **Cipher suites** setting select **Configure**.
+3. Choose a mode to select your cipher suites and select **Next**.
+4. Select a predefined set of cipher suites or, if you opted for **Custom**, specify which cipher suites you want to allow. Make sure you are aware of how your selection will interact with Minimum TLS version, TLS 1.3, and the certificate algorithm (ECDSA or RSA).
+5. Select **Save** to confirm.
 
 :::note[Modern or PCI DSS]
 When used with [TLS 1.3](/ssl/edge-certificates/additional-options/cipher-suites/#tls-13), Modern is the same as PCI DSS.

@@ -5,7 +5,7 @@ sidebar:
   order: 4
 ---
 
-import { FeatureTable, TabItem, Tabs } from "~/components";
+import { FeatureTable, TabItem, Tabs, DashButton } from "~/components";
 
 HSTS protects HTTPS web servers from downgrade attacks. These attacks redirect web browsers from an HTTPS web server to an attacker-controlled server, allowing bad actors to compromise user data and cookies.
 
@@ -53,14 +53,15 @@ If you remove HTTPS before disabling HSTS or before waiting for the duration of
 
 To enable HSTS using the dashboard:
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
-2. Select your website.
-3. Go to **SSL/TLS** > **Edge Certificates**.
-4. For **HTTP Strict Transport Security (HSTS)**, select **Enable HSTS**.
-5. Read the dialog and select **I understand**.
-6. Select **Next**.
-7. Configure the [HSTS settings](#configuration-settings).
-8. Select **Save**.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For **HTTP Strict Transport Security (HSTS)**, select **Enable HSTS**.
+3. Read the dialog and select **I understand**.
+4. Select **Next**.
+5. Configure the [HSTS settings](#configuration-settings).
+6. Select **Save**.
 
 </TabItem> <TabItem label="API">
 
@@ -78,13 +79,14 @@ To enable HSTS on a specific subdomain only, configure a [subdomain setup](/dns/
 
 To disable HSTS on your website:
 
-1. Log in to the Cloudflare dashboard and select your account.
-2. Select your website.
-3. Go to **SSL/TLS** > **Edge Certificates**.
-4. For **HTTP Strict Transport Security (HSTS)**, select **Enable HSTS**.
-5. Set the **Max Age Header** to **0 (Disable)**.
-6. If you previously enabled the **No-Sniff** header and want to remove it, set it to **Off**.
-7. Select **Save**.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For **HTTP Strict Transport Security (HSTS)**, select **Enable HSTS**.
+3. Set the **Max Age Header** to **0 (Disable)**.
+4. If you previously enabled the **No-Sniff** header and want to remove it, set it to **Off**.
+5. Select **Save**.
 
 ## Configuration settings
 

@@ -10,6 +10,6 @@ sidebar:
 
 import { DirectoryListing } from "~/components"
 
-Once you set up SSL/TLS on your application, you can adjust the following settings in **SSL/TLS** > **Edge Certificates**:
+Once you set up SSL/TLS on your application, you can adjust the following settings on the [**Edge Certificates**](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) page:
 
 <DirectoryListing />
@@ -5,7 +5,7 @@ sidebar:
   order: 13
 ---
 
-import { FeatureTable, TabItem, Tabs, APIRequest, Render } from "~/components";
+import { FeatureTable, TabItem, Tabs, APIRequest, Render, DashButton } from "~/components";
 
 Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer.
 
@@ -43,10 +43,11 @@ To manage the TLS version applied to your whole zone when proxied through Cloudf
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
-2. Select your website.
-3. Go to **SSL/TLS** > **Edge Certificates**.
-4. For **Minimum TLS Version**, select an option.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For **Minimum TLS Version**, select an option.
 
 </TabItem> <TabItem label="API">
 

@@ -3,7 +3,7 @@ pcx_content_type: concept
 title: Opportunistic Encryption
 ---
 
-import { FeatureTable, Render, TabItem, Tabs } from "~/components";
+import { FeatureTable, Render, TabItem, Tabs, DashButton } from "~/components";
 
 Opportunistic Encryption allows browsers to access HTTP URIs over an encrypted TLS channel. It's not a substitute for HTTPS, but provides additional security for otherwise vulnerable requests.
 
@@ -21,9 +21,11 @@ You do not need to configure your origin web server to support Opportunistic Enc
 
 To enable Opportunistic Encryption in the dashboard:
 
-1. Log in to your [Cloudflare account](https://dash.cloudflare.com) and go to a specific domain.
-2. Go to **SSL/TLS** > **Edge Certificates**.
-3. For **Opportunistic Encryption**, switch the toggle to **On**.
+1. In the Cloudflare dashboard, go to the **Edge Certificates** page.
+
+   <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. For **Opportunistic Encryption**, switch the toggle to **On**.
 
 </TabItem> <TabItem label="API">