Introducing the Cloudflare Geo Key Manager

Cloudflare has introduced a new feature called Geo Key Manager that allows customers to control the distribution of their private SSL keys based on an assessment of physical controls. This comes as a response to increasing geopolitical concerns and regulatory frameworks, especially for multinational companies. The Geo Key Manager provides options such as "Everywhere", "U.S. Only" or "E.U. Only", and "Highest Security Data Centers". While the first HTTPS request made to a data center that does not hold your private key requires a bit of overhead, all subsequent requests after the initial one will be just as fast as if the key were local thanks to SSL/TLS session resumption. Cloudflare plans to extend Geo Key Manager to work with Dedicated Certificates and allow Enterprise users to specify a precise list of data centers for their keys.