Excellent, glad you were able to figure that out. I will let our docs team know that our screenshots need updating.
As far as Pivotal SSL Service, it is meant to catch some use cases that won't work with Cloud Flare. For example, Cloud Flare requires you to pass control of DNS over to Cloud Flare. If you can't/don't want to do that, then Pivotal SSL Service is an option for you.
Pivotal SSL Service would also be an option if you already have your own certificates and want to use them or if you need more control over the certificates that are generated and used. I think Cloud Flare lets you do this, but it requires one of their paid plans which are more expensive than the SSL Service (don't quote me on that though, I'm not a Cloud Flare expert by any means).
Hope that helps!