I am using the free version of Cloudflare and I created a wildcard SSL certificate for 1 level subdomain using 'Origin Certificates', upload this on Azure web app and configured the wild card subdomain on Cloudflare without the traffic goes through Cloudflare. It gives me the below error.
Error:
http://prntscr.com/ormgne
NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate
Issuer: CloudFlare, Inc.
Cloudflare Settings:
http://prntscr.com/ormgye
Azure webApp settings:
http://prntscr.com/ormhop
My application is a multitenant and creating a subdomain dynamically.
Screenshots provided above.
Expected Result: The SSL should be enabled on wildcard subdomain.
It should be like that. Because the origin Certificates you created from Cloudflare are only valid for encryption between Cloudflare and your origin server.
It is only used to protect the traffic between your server and Cloudflare.
However, Cloudflare is not a trusted CA issuer, if you access your website directly (without Cloudflare), your browser will not trust the Certificate. You can consider the Certificate as a self-signed Certificate.
To solve this:
You can purchase a SSL Certificate from trust issuer. For example: DigiCert, GoDaddy or Let's Encrypt (free)
Or, you can turn on the protection to make the traffic go through Cloudflare.
Related
In cloudflares cryptography settings I have set SSL to Full (Strict) and the Universal SSL Status is on Active Certificate as you can see:
But the thing is I am using also a certificate on my server by letsencrypt/certbot, which also works If I deactivate cloudflare, so I wonder if there is now some kind of double encryption?
nginx(ssl) --> cloudflare(ssl) --> enduser
There is no double encryption in the form of two encryptions inside each other. Instead there is one encryption between browser and Cloudflare and another one between Cloudflare and nginx. Both Cloudflare and nginx have access to the plain (unencrypted) data. The browser will only see and validate the certificate from Cloudflare while Cloudflare will see and validate the certificate from LetsEncrypt (served from nginx).
My website is managed by Cloudflare, basically, the direct IP access is disabled. And also, I have a Comodo SSL certificate purchased from Comodo as well.
As per this, I believe installing the Comodo certificate purchased by me on the server instead of Cloudflare and using Cloudflare services (Direct Ip blocking) is impossible.
Is it true?
I have configured all the SSL configurations (Comodo SSL Certificate) in server level. Now the problem is with Cloudflare and server.
How can I use both Cloudflare and the server level SSL termination?
Please help me out!
Thanks
I am working on a client's site - we'll call it checkers.com - that I previously bought an SSL certificate for. They bought a european domain - checkers.eu - that that uses an A-record redirect to point to checkers.com, but setting up an SSL certificate for that domain fails because it's technically on the same IP address as the checkers.com site, and that's not allowed. How would I go about setting up an SSL certificate on checkers.eu when that domain just redirects to a domain that already has an SSL certificate?
As per your question, it seems like you are using a SSL Certificate which offering only Single Server License policy. As per SSL under this policy, you can only install SSL certificate on one domain, one IP address and one physical server. If you try to install it on same IP address it will never allow you.
You either need to purchase another server license from the Certificate Authority, or else get the SSL Certificate from Certificate Authorities which offers multiple server license such as (Comodo, Thawte, GeoTrust & RapidSSL).
To begin let's say I have this configuration :
mywebsite.com is related on machine 0.0.0.1 (with ssl certificate)
cloud.mywebsite.com is related on machine 0.0.0.2 (without ssl certificate)
can I ask for a new SSL certificate for "cloud.mywebsite.com" or this will create issues because of domain/subdomain ?
Thanks for the response.
Instead of asking for a new SSL Certificate, you only need to get Wildcard SSL Certificate that will secure your main domain as well as its all sub-domains. For example:
If you get Wildcard SSL certificate for *mywebsite.com then it will secure,
https://cloud.mywebite.com
https://mail.mywebsite.com
https://photos.mywebsite.com
https://anything.mywebsite.com
So, you will not have to manage multiple SSL certificates for your main domain and its sub-domain. Wildcard SSL certificate will reduce the hassle of server administrators for multiple SSL management. I suggest you to read this article, which will give you clear understanding of Wildcard SSL Certificate.
I have a site and I have a development subdomain I want to assign a self-signed certificate to it so I can test a login portal, I will consider buying an actual SSL certificate for my real domain, I host my site with 1and1.co.uk. I use FTP to connect.