Limitations
Universal SSL certificates are limited by:
- the hostnames they cover, and
- the client browsers they support.
Hostname coverage
Universal SSL certificates only support SSL for the root or first-level subdomains such as example.com and www.example.com. To enable SSL support on second, third, and fourth level subdomains such as dev.www.example.com or app3.dev.www.example.com, you need to purchase a paid SSL.
Browser support
Universal SSL uses Server Name Indication (SNI) certificates with Elliptic Curve Digital Signature Algorithm (ECDSA). It is possible for Cloudflare Support to enable non-SNI support for domains on Pro, Business, or Enterprise plans for Universal, Dedicated, Custom, or Custom Hostname certificates. SNI and ECDSA certificates work with the following modern browsers:
Desktop Browsers installed on Windows Vista or OS X 10.6 or later:
- Internet Explorer 7
- Firefox 2
- Opera 8 (with TLS 1.1 enabled)
- Google Chrome v5.0.342.0
- Safari 2.1
Mobile Browsers:
- Mobile Safari for iOS 4.0
- Android 3.0 (Honeycomb) and later
- Windows Phone 7
Getting Paid SSL Certificates
For paid SSL certificates, you may refer to https://www.apc.sg/ssl-certificates.