Create a client certificate
To create a client certificate on the Cloudflare dashboard:
- Log in to the Cloudflare dashboard ↗ and select your account and zone/domain.
- Go to SSL/TLS > Client Certificates.
- Select Create Certificate and fill in the required fields. You can choose one of the following options:
-
Generate a private key and Certificate Signing Request (CSR) with Cloudflare.
-
Use your own private key and CSR. This option allows you to also label client certificates.
Example OpenSSL command
To generate and use your own CSR, you can run a command like the following:
Terminal window openssl req -new -newkey rsa:2048 -nodes -keyout client1.key -out client1.csr -subj '/C=GB/ST=London/L=London/O=Organization/CN=CommonName'
- Select a value for Certificate Validity, and choose Create.
- Make sure to copy the certificate and private key as they will no longer be displayed after creation.
- Select OK to confirm.
After creating the client certificate, make sure it is installed on the client devices and enable mTLS for each hostname that should require a certificate from clients.
Refer to our mTLS at Cloudflare learning path for further context.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark