Are the settings correct?

Vily · July 24, 2021, 4:37pm

I added a domain without a certificate in flexible mode.

The browser showed that the domain has the R3 certificate for 3 months.

I issued a self signed certificate for 10 years and installed it in the hosting panel.

I switched the mode from flexible to full.

The browser showed that the domain has the R3 certificate for 3 months.

Is everything set up correctly?

domjh · July 24, 2021, 4:39pm

Hi @Vily,

Not really, you should install a Cloudflare Origin Certificate instead of the self-signed one, that can be valid for up to 15 years and means you could set your SSL/TLS mode to Full (Strict) which is actually the only fully secure option there.

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

As for the certificate your visitors see, that won’t change when you get the certificate on your origin.

Vily · July 24, 2021, 4:46pm

i know how to use full strict

i have a question about my own self-signed certificate in Full mode

the browser shows me that the R3 certificate is installed on the domain for 3 months

is everything set up correctly?

sandro · July 24, 2021, 4:52pm

Vily · July 24, 2021, 4:54pm

thanks, but I don’t need it

sandro · July 24, 2021, 4:55pm

If you want a secure site you do.

Vily · July 24, 2021, 5:00pm

let’s explain the essence of what I need it for

my hosting doesn’t allow installing Cloudflare certificate for 15 years

on the hosting you can order and issue R3 for 3 years, but I did not issue it

hosting does not have automatic renewal for R3

I don’t want to remember that the certificate needs to be renewed

so i issued self signed for 10 years and switched to full mode

the browser shows me that I have R3 installed for 3 months

Does everything work for me correctly?

sandro · July 24, 2021, 5:03pm

If you don’t have a valid certificate most definitely not, as you will never be able to establish a properly secured connection.

Vily · July 24, 2021, 5:07pm

let me ask you a leading question

full mode is designed to work with a self-signed certificate

what certificate should the browser show if full mode is connected and a self-signed certificate is installed on the server?

R3 or Cloudflare Inc ECC CA-3?

Vily · July 24, 2021, 5:10pm

full mode is designed to work with a self-signed certificate

i installed it

what type of certificate should the browser tell me?

now he’s showing R3 for 3 months

which one should show in full mode?

domjh · July 24, 2021, 5:10pm

This discussion is going in circles. If you want a secure site, you need to use Full (Strict).

I also answered your other question in my first reply:

sandro · July 24, 2021, 5:11pm

Full mode is based on broken semi-encryption and is insecure but that’s all covered by the link posted earlier.

Vily · July 24, 2021, 5:11pm

thanks, but I don’t need it

sandro · July 24, 2021, 5:12pm

Not my personal quote but a wise man once said here on the forums

Don’t come here all acting like HTTPS is important when you didn’t even bother to get it from your host.

Vily · July 24, 2021, 5:17pm

i have self signed certificate 10 years old it is installed and working

I can see it if Cloudflare is disabled

i turn on Cloudflare

now full mode comes into play

the browser shows that I have R3 for 3 months

does everything work correctly?

Huge request: if you want to write me about the full strict regime, then skip the topic.

domjh · July 24, 2021, 5:19pm

Hi again @Vily,

Your question has been answered twice in this thread already, so I merged your new post back here.