Cloudflare Origin CA Certificate
Issue a free Cloudflare Origin CA certificate to encrypt the connection between Cloudflare's edge and your origin server (the "Full (Strict)" SSL mode).
What Gets Created
- A
cloudflare_origin_ca_certificatevalid for the requested hostnames. - When no CSR is supplied: a generated private key + CSR (via the
tlsprovider), with the key exported as a sensitive output.
Prerequisites
- A Cloudflare API token with
SSL and Certificatespermission (the deprecated Origin CA Key is not required).
Configuration Reference
Required
hostnames— the SANs the certificate covers (e.g. the zone apex and a wildcard).
Optional
requestType—origin-rsa(default),origin-ecc, orkeyless-certificate.requestedValidity— 7, 30, 90, 365, 730, 1095, or 5475 days (default 5475).csr— supply your own CSR to keep your key private (no key is generated).
Stack Outputs
| Output | Description |
|---|---|
certificate_id | The certificate identifier |
certificate | The issued certificate (PEM) |
private_key | The generated private key (PEM, sensitive); empty if a CSR was supplied |
expires_on | Expiry timestamp |
Related Components
CloudflareDnsRecord,CloudflareDnsZone
Next article
Cloudflare Pages Project
Cloudflare Pages Project Host a static site or full-stack app (static assets + Pages Functions) on Cloudflare's edge, with a connected git repository for automatic builds or direct uploads of a pre-built site. What Gets Created A cloudflarepagesproject (the project), with its build configuration, optional git source, and per-environment deployment configuration (bindings, env vars, compatibility, limits). One cloudflarepagesdomain per attached custom domain. Prerequisites A Cloudflare account...