Cloudflare Keyless SSL is a feature of Cloudflare’s SSL/TLS service that allows organizations to secure their web traffic using Cloudflare’s global edge network while retaining control of their private TLS keys. Instead of storing private keys within Cloudflare’s infrastructure, Keyless SSL enables these keys to remain in a customer-managed environment. Cloudflare terminates incoming client connections at its globally distributed edge locations and handles the majority of the TLS handshake process. When a private key operation is required during the handshake, Cloudflare securely communicates with an external key server to complete the operation.
This approach separates TLS processing from private key storage, allowing organizations to leverage Cloudflare’s performance and security capabilities, such as content delivery optimization, traffic acceleration, and DDoS protection, while maintaining full ownership and control over cryptographic keys.
Cloudflare Keyless SSL is designed to integrate with external key management systems through a secure and authenticated connection, ensuring that sensitive key operations are performed without exposing private key material to Cloudflare’s infrastructure.
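The split described above, as an added example written for this page rather than taken from Cloudflare or its key server software: a Go model in which the edge side of a TLS 1.3 handshake holds only the certificate and a `crypto.Signer` that forwards each digest to a separate `KeyServer` type, the only place the private key exists. The names (`KeyServer`, `RemoteSigner`, `KeylessHandshake`) and the hostname `edge.example` are constructed, and the in-process method call stands in for the authenticated channel between the edge and the key server. Go's standard library makes the point well because `crypto/tls` and `crypto/x509` accept any `crypto.Signer`, so the handshake code never learns where the key lives. Running it shows that a full handshake costs the key server exactly one private-key operation (the CertificateVerify signature) and that the key server refuses requests for anything other than the SHA-256 digests its P-256 key is meant to sign.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"sync/atomic"
	"time"
)

// KeyServer models the customer-controlled key server, the only place the private key exists.
// The in-process call stands in for the authenticated edge-to-key-server channel (an assumption here).
type KeyServer struct {
	priv  *ecdsa.PrivateKey
	calls int64 // private-key operations served so far
}

func NewKeyServer() (*KeyServer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	return &KeyServer{priv: priv}, nil
}

// PublicKey is all the edge ever receives; Calls reports signing requests served.
func (k *KeyServer) PublicKey() crypto.PublicKey { return &k.priv.PublicKey }
func (k *KeyServer) Calls() int64               { return atomic.LoadInt64(&k.calls) }

// SignDigest validates the request before touching the key: this P-256 key is only
// ever used with SHA-256 digests of the correct length.
func (k *KeyServer) SignDigest(hash crypto.Hash, digest []byte) ([]byte, error) {
	if hash != crypto.SHA256 {
		return nil, fmt.Errorf("key server: refusing %v, only SHA-256 is allowed", hash)
	}
	if len(digest) != hash.Size() {
		return nil, fmt.Errorf("key server: digest is %d bytes, want %d", len(digest), hash.Size())
	}
	atomic.AddInt64(&k.calls, 1)
	return ecdsa.SignASN1(rand.Reader, k.priv, digest)
}

// RemoteSigner is what the edge holds: the public key plus a handle to the key server.
// It satisfies crypto.Signer, so crypto/tls and crypto/x509 call Sign whenever they need the key.
type RemoteSigner struct {
	pub crypto.PublicKey
	ks  *KeyServer
}

func (r *RemoteSigner) Public() crypto.PublicKey { return r.pub }
func (r *RemoteSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	return r.ks.SignDigest(opts.HashFunc(), digest)
}

// KeylessHandshake issues a self-signed certificate for host (that signature, too, comes from
// the key server) and runs a TLS 1.3 handshake over an in-memory pipe: the edge side holds only
// the certificate and a RemoteSigner. It returns how many private-key operations the handshake cost.
func KeylessHandshake(ks *KeyServer, host string) (int64, error) {
	signer := &RemoteSigner{pub: ks.PublicKey(), ks: ks}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
	if err != nil { return 0, err }
	leaf, err := x509.ParseCertificate(der)
	if err != nil { return 0, err }
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	edgeCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: signer}},
		MinVersion:   tls.VersionTLS13,
		// Without tickets the edge's whole flight is one pipe write the client fully drains.
		SessionTicketsDisabled: true,
	}
	clientCfg := &tls.Config{RootCAs: roots, ServerName: host, MinVersion: tls.VersionTLS13}
	before := ks.Calls()
	clientConn, edgeConn := net.Pipe()
	defer clientConn.Close()
	defer edgeConn.Close()
	errCh := make(chan error, 1)
	go func() { errCh <- tls.Server(edgeConn, edgeCfg).Handshake() }()
	if err := tls.Client(clientConn, clientCfg).Handshake(); err != nil { return 0, err }
	if err := <-errCh; err != nil { return 0, err }
	return ks.Calls() - before, nil
}

func main() {
	ks, err := NewKeyServer()
	if err != nil { panic(err) }
	n, err := KeylessHandshake(ks, "edge.example") // constructed hostname
	if err != nil { panic(err) }
	fmt.Printf("handshake ok: %d private-key op(s) in the handshake, %d overall\n", n, ks.Calls())
}
```

The counter on the key server is the part a deployment would watch: every signature request crosses the boundary that holds the key as a discrete, auditable event, so a volume other than one operation per handshake, or a request for a digest type the certificate's algorithm never produces, is visible at the one place that matters rather than somewhere inside the edge.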