You will need to open a support ticket to request a CSR for your domain.
And then using the steps found below, use the CSR we provided to generate your certificate, we recommend setting the Certificate Validity to 15 years.
- Log in to Cloudflare.
- Select the appropriate account for the domain requiring an Origin CA certificate.
- Select the domain.
- Click the SSL/TLS app.
- Click the Origin Server tab.
- Click Create Certificate to open the Origin Certificate Installation window.
- In the Origin Certificate Installation window, choose:
I have my own private key and CSR - requires pasting the Certificate Signing Request we provided into the text field.
- List the hostnames (including wildcards) the certificate should protect with SSL encryption. The zone root and first level wildcard hostname are included by default.
- Set the Certificate Validity to 15 years
- Finally click Create
When you have finished, download the certificate in PEM format and reply to your support ticket being sure to attach the certificate.