APIM Consumption Tier, Custom Domain, Cloudflare & third level subdomain

Good evening everyone,

I have the following question, and need help (That i post on reddit bcs this platform don’t allow to add multiple images and urls).

Reddit: APIM Consumption Tier, Custom Domain, Cloudflare & third level subdomain.

UPDATE 2021-09-02
I tested the edge certificated and it works, so i updated the reddit questions if you wanna know the results, regards.

Sorry about that, I adjusted your permissions a bit to let you do more on this site as a new user.

That’s a really detailed post, this may point you in the direction of a solution, let us know if it helps.

1 Like

Hi Cloonan, first of all thanks for your response.

According to your link, i think the’res only two points that can help me.

  1. Should you need a certificate which covers multi-level sub-domains, you can purchase a Dedicated SSL Certificate with Custom Hostnames, where you can declare any multi-level subdomains during purchase.
  2. Wait 24-hours, it may just be a timing issue that will resolve itself. After you wait 24-hours, try it again.

So, i make the entire process again, and i will wait 24-hours for check the site, when i make the processs, now the site looks like this and i’m getting a different error this time “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”:

And PostMan look like this:

As i say i will wait 24-hours for check the site, otherwise i think i need to pay the 10USD for the beyond first-level subdomains:


Yes, I’d go for Advanced Certificate Manager for a multiple level subdomain, https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager

An additional question, if I make the change, I buy this service, then can I download the .PEM or .PCKS12 files as I did before to add them in Azure or is this not allowed?

You can download “origin certificates” that are only trusted by Cloudflare and thus are only good when the DNS record is set to proxied. If you want to download the actual browser-trusted certificate private key, this is not possible on CF, even with ACM.


For the specific escenario that i test, the plan of 10USD allows me to generate a PEM or PCKS12 downloadeable for the “tree.two.example.com” domain to use it on the Azure APIM Service? bcs otherwise this alternative don’t solves my problem.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.