A question regarding Cloudflare Free SSL

I have manually installed an SSL certificate on my site… Will the Cloudflare DNS override my SSL and enforce its flexible SSL instead?

Cloudflare need to terminate the client SSL connection, so the Universal SSL certificate will be used if the DNS is set to :orange:. However, as you have an SSL certificate on your Origin, you should set the SSL mode to Full or Full (Strict). This will secure the connection from Cloudflare to your server. Flexible is not recommended, as it means the connection from Cloudflare to your Origin is not secure.

1 Like

Okay, I just set it up and it has been set to ‘Full’ by default. The certificate on my server is issued by ‘ZeroSSL RSA Domain Secure Site CA’… Can I enable the ‘Full(strict)’ option in Cloudflare settings?

If the ZeroSSL RSA Domain Secure Site CA is valid (meaning it is in date, matches the public facing hostname, and is from a publicly trusted CA), then Full (strict) is recommended.

1 Like

Yes, it is valid, in fact I’ll keep replacing the old keys with the new ones in due time to ensure my site stays secure. I have set it to Full (strict) as recommended by you.
Thank you for the help! :smiley:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.