Keyless SSL
Retain control over your SSL private keys
Get all of the benefits of the cloud (including DDoS mitigation, load balancing, and WAN optimization) without having to choose between encrypting web traffic and giving your SSL private keys to a third-party provider.
Benefits of Keyless SSL
Enhanced security control
This solution allows you to maintain control over your SSL keys while still benefiting from Cloudflare’s robust security. Unlike traditional SSL services, you don’t need to share your private key, reducing potential security risks.
Compliance with policies
For organizations with strict security policies or regulatory requirements, this approach ensures compliance by allowing you to keep your SSL keys private. This helps avoid any policy conflicts associated with key sharing.
Technical flexibility
This service overcomes technical barriers that may prevent the sharing of SSL keys. It provides a seamless integration with Cloudflare’s network while accommodating technical constraints and preferences.
Protected encrypted traffic
Your encrypted traffic is routed through Cloudflare’s global network, ensuring the same level of protection and performance as with standard SSL services, but with the added benefit of key control.
How it works
Communication over a secure, encrypted channel
Keyless SSL requires that Cloudflare decrypt, inspect, and re-encrypt traffic for transmission back to a customer’s origin.
For SSL traffic with Keyless SSL enabled, there is one additional endpoint involved in the initial SSL session creation, after which normal transmission resumes.
For more details, see this blog post.
Top Keyless SSL use cases
Move to the cloud while keeping your keys in your own environment
Store private keys on your own hardware
Use Cloudflare Tunnels or Public DNS to send traffic to the key server through a secure channel, without publicly exposing it to the rest of the Internet.
Accommodate geographic needs
Keyless SSL allows Cloudflare to honor preferences about the country in which your keys are stored, whether we store them ourselves or in partnership with trusted third parties serving as key storage agents.