I am using cloudflare to proxy requests to my server and within my server I have added support for subdomains. The issue is that my server only has an ssl certificate issued to the root domain, but the cloudflare certificate has support for wildcards. Whenever there is a request to the root domain the ssl certificate from cloudflare is used but when I try to access a subdomain my server's certificate is used and I get a nasty the domain is insecure error. Any suggestions as to how I can fix this? There is a CNAME record within cloudflare which has the * name as an alias to my domain.
If you're on a Free CloudFlare account, only browsers with SNI support work. This is so CloudFlare doesn't need to assign an IP for every free client; using a Pro account you can have support for legacy browsers which don't support SNI.
Related
Im using hostgator as my host.They do not provide free ssl certificate.So im using cloudflare free ssl certificate for my site.SSL certificate working everywhere except Cpanel.
I tried manually adding ssl through cpanel option.But not really working!Is there any way i can add it there?
Or it will be really good if my cpnael url cpanel.site.com won't just show up to that address.
If you want to use the CloudFlare SSL certificate then there is no need to add that SSL certificate to yoru cpanel nor to your site. Read the cloudflare documentation in order to see how to create and use Page Rules and their SSL certificate. cPanel has nothing to do with it. CF works just fine with cPanel/WHM and pretty much with any other related hosting panel. Your site can be http only in cPnel and then you do the HTTPS redirection from Clouflare using their Flexible SSL and page rules
cpanel.yourdomain.com ssl is related to server side. If your host allow autossl with Let's Encrypt (for example) then it will install ssl for all your necessary subdomains like webmail, cpanel, mail, www etc. If you are installing ssl manually, then you cannot install it for cpanel subdomain. However if you want to use cpanel securely and have enabled ssl with yourdomain.com the you can use it:
https://yourdomain.com:2083
I have a server which is hosting a domain named abc.com . I have an SSL certificate installed for this domain on server and abc.com require SSL. Now I have a sub domain say sub.abc.com which is secured by another SSL certificate.
Now this is what I did to bind. Clicked the main site abc.com in IIS and opened bindings. Now in bindings, I added https and for IP Address I gave All Unassigned. For SSL certificate I selected the SSL cert for abc.com.
Again for the sub domain binding I followed same steps but under IP Address I gave the IP (19.xxx.xx.xx) of my server. Under certificate I picked the certificate for sub.abc.com.
Now on a browser if I open sub.abc.com its working fine. But if I load abc.com then the site is loading with warning and its displaying the certificate of sub.abc.com instead of abc.com . In bindings I can confirm that I have mapped to correct certificate.
Not sure whats going wrong here. Any help highly appreciated.
If you are running IIS 8 and above, you can use SNI,
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
You may also go for WildCard certificate i.e a certificate issues to *.abc.com for the root domain , this will not only simplify your deployment and will provide adequate security as well.
I want to serve files from A server with cloudflare.
I cannot disable SSL on A server. Simply I pointed my domain to A server. When I type https://example.com chrome says that Your connection is not private.
Is it possible to make cloudflare serve files from A server over http not https?
Or can I make cloudflare to use a different SSL?
CloudFlare has a few different SSL options:
CloudFlare's Flexible SSL will allow communication between the client and CloudFlare over HTTPS whilst the connection from CloudFlare to the origin is over HTTP.
In addition to this, if the certificate is just unsigned but still returns the correct website files you can actually utilise Full SSL (but not Full (Strict)). By contrast Full (Strict) will require a signed certificate from the origin to CloudFlare.
I'm working on a Ruby on Rails SaaS app with a custom subdomain for each company. When a company signs up, the user is redirected to her subdomain.myapp.io.
The app is hosted on Heroku and DNS are managed at CloudFlare. I use the free SSL feature provided by CloudFlare, which works as expected for https://myapp.io.
My issue is about having SSL active for the subdomains. I wonder if this is possible without buying a wildcard SSL certificate.
CloudFlare DNS setup:
myapp.io. 300 IN CNAME myapp.herokuapp.com.
*.myapp.io. 300 IN CNAME myapp.herokuapp.com.
Heroku domains setup:
myapp.io
*.myapp.io
This works, but without SSL on subdomains. It is not possible to use CloudFlare features (such as SSL Full) for wildcard subdomains (except for Entreprise plan users).
I think I need to buy a wildcard SSL certificate for my domain ($115/year) and add the SSL Endpoint Heroku add-on ($7/month). Am I wrong?
Short answer:
You can't have a free wildcard SSL (Full protection) for subdomains on CloudFlare (Free plan).
Long answer:
I mean using wildcard with CloudFlare (Free plan), CloudFlare proxy protection and acceleration are bypassed (no orange cloud) so your origin server SSL certificate will be used instead. So to enable SSL you need to add a CNAME record for each subdomain (the cloud icon should be orange).
Example:
foo.myapp.io. 300 IN CNAME myapp.herokuapp.com.
bar.myapp.io. 300 IN CNAME myapp.herokuapp.com.
(You don't need to add any record for custom domains in Heroku if you already have *.myapp.io)
[EDIT]
Maybe you can add DNS records dynamically via CloudFlare's API (https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record)
(I didn't try that...)
Workaround:
As you said:
Pay for CloudFlare Enterprise
Buy a wildcard SSL certificate + Heroku SSL SNI (https://devcenter.heroku.com/articles/ssl-beta)
Hope it will help.
Can I have EV SSL for my main domain (say www.example.com) and Wilcard SSL for my subdomains (say eb1.example.com, eb2.example2 etc)?
If yes, then can you please let me know how to configure it?
If not, then please suggest me alternate methods.
All the subdomains and the domain will be hosted on Amazon and will have one IP.
Yes, you can purchase an EV SSL Certificate for your main domain and wildcard SSL certificate for the sub domain names.
Please ensure that the Main domain has a dedicated IP Address and it is not shared with the sub domains.
You can have use multiple certificates at the same time which overlap in the subjects like in your case. To have multiple certificates for the same IP address the serve and client must support SNI. Most modern server and browsers do. But older browser like IE8 on XP do not and support within non-browser application is mixed.