Sign up

Keyless SSL

Retain control over your SSL private keys

Get all of the benefits of the cloud (including DDoS mitigation, load balancing, and WAN optimization) without having to choose between encrypting web traffic or giving your SSL private keys to a third-party provider.

Talk to an expert in Cloudflare Keyless SSL

Select your job level... *
C-Level
VP
Director
Manager
Individual Contributor
Student
Other
Select your job function... *
IT
Security
Network
Infrastructure
Engineering
DevOps
Executive
Product
Finance/ Procurement
Sales / Marketing
Student
Press / Media
Other
Select your country...
Afghanistan
Aland Islands
Albania
Algeria
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia, Plurinational State of
Bonaire, Sint Eustatius and Saba
Bosnia and Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo, the Democratic Republic of the
Congo
Cook Islands
Costa Rica
Cote d'Ivoire
Croatia
Cuba
Curaçao
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guatemala
Guernsey
Guinea-Bissau
Guinea
Guyana
Haiti
Heard Island and McDonald Islands
Holy See (Vatican City State)
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao
Macedonia, the former Yugoslav Republic of
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Moldova, Republic of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Korea
Norway
Oman
Pakistan
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Barthélemy
Saint Helena, Ascension and Tristan da Cunha
Saint Kitts and Nevis
Saint Lucia
Saint Martin (French part)
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Sint Maarten (Dutch part)
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Georgia and the South Sandwich Islands
South Korea
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tajikistan
Tanzania, United Republic of
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Venezuela, Bolivarian Republic of
Viet Nam
Virgin Islands, British
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
Keyless SSL - Hero - Image

Benefits of Keyless SSL

Security shield protection checkmark - Icon
Enhanced security control

This solution allows you to maintain control over your SSL keys while still benefiting from Cloudflare’s robust security. Unlike traditional SSL services, you don’t need to share your private key, reducing potential security risks.

Geo key manager - Icon
Compliance with policies

For organizations with strict security policies or regulatory requirements, this approach ensures compliance by allowing you to keep your SSL keys private. This helps avoid any policy conflicts associated with key sharing.

Optimization scale - Icon
Technical flexibility

This service overcomes technical barriers that may prevent the sharing of SSL keys. It provides a seamless integration with Cloudflare’s network while accommodating technical constraints and preferences.

Traffic Legit Browser Tile - Icon
Protected encrypted traffic

Your encrypted traffic is routed through Cloudflare’s global network, ensuring the same level of protection and performance as with standard SSL services, but with the added benefit of key control.

Keyless SSL - How it works - Illustration

HOW IT WORKS

Communication over a secure, encrypted channel

Keyless SSL requires that Cloudflare decrypt, inspect, and re-encrypt traffic for transmission back to a customer’s origin.

For SSL traffic with Keyless SSL enabled, there is one additional endpoint involved in the initial SSL session creation, after which normal transmission resumes.

For more details, see this blog post.

Maximize the power of TLS

Helping enterprises all over the world protect their applications

Top Keyless SSL use cases

Move to the cloud while keeping your keys in your own environment

Geo key manager - Icon
Store private keys on your own hardware

Use Cloudflare Tunnels or Public DNS to send traffic to the key server through a secure channel, without publicly exposing it to the rest of the Internet.

Server origin - Tile
Accommodate geographic needs

Keyless SSL allows Cloudflare to honor preferences about the country in which your keys are stored, either ourselves or in partnership with trusted third parties serving as key storage agents.

Resources

Thumbnail - Insight - Template 5 Graphs

Documentation

Deployment docs for Keyless SSL
Read more
Thumbnail - Insight - Template 1 Lightbulb

Report

State of Application Security 2024
Read report
Report thumbnail

Article

Website security guide: A 10-step checklist
Learn more
Thumbnail - Insight - Template 1 Lightbulb

Explore

Search for available domain names on Cloudflare Registrar
Learn more
Security Shield Protection Icon

Get Keyless SSL for your enterprise

Talk to an expert in Cloudflare Keyless SSL

Select your job level... *
C-Level
VP
Director
Manager
Individual Contributor
Student
Other
Select your job function... *
IT
Security
Network
Infrastructure
Engineering
DevOps
Executive
Product
Finance/ Procurement
Sales / Marketing
Student
Press / Media
Other
Select your country...
Afghanistan
Aland Islands
Albania
Algeria
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia, Plurinational State of
Bonaire, Sint Eustatius and Saba
Bosnia and Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo, the Democratic Republic of the
Congo
Cook Islands
Costa Rica
Cote d'Ivoire
Croatia
Cuba
Curaçao
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guatemala
Guernsey
Guinea-Bissau
Guinea
Guyana
Haiti
Heard Island and McDonald Islands
Holy See (Vatican City State)
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao
Macedonia, the former Yugoslav Republic of
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Moldova, Republic of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Korea
Norway
Oman
Pakistan
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Barthélemy
Saint Helena, Ascension and Tristan da Cunha
Saint Kitts and Nevis
Saint Lucia
Saint Martin (French part)
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Sint Maarten (Dutch part)
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Georgia and the South Sandwich Islands
South Korea
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tajikistan
Tanzania, United Republic of
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Venezuela, Bolivarian Republic of
Viet Nam
Virgin Islands, British
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe