Argo Tunned DB-Connect


I’m trying to use db-connect from Worker. Our on premise server is running Windows 2012R2 and I’ve downloaded the 64bit of cloudflared. I’ve followied the steps from the Quickstart (Get started · Cloudflare Zero Trust docs). The cert.pem file is stored in C:\Users\username\.cloudflared

The command I’m using to try and start the tunnel is:

cloudflared db-connect --hostname --url sqlserver://user:pwd@(local) --insecure

However the response is:

cloudflared does not support loading the system root certificate pool on Windows. Please use the --origin-ca-pool to specify it

I’m not sure what value I need to specify here?

Hi there!

Sorry to hear about the issues you are having with getting your tunnel up and running. Looking at the error message I am seeing it looks like this may pertain specifically to the Cloudflare Root Certificate, which I believe may require some extra steps to configure for your origin server’s operating system. I have included this article from our Cloudflare Knowledge Base with a link to the root certificate as well as some steps on how this is done:

I hope this information helps!


Thanks for the reply - we already have an origin cert installed and configured - our encryption mode is full (strict).


Hi Mark,

My Sincerest apologies for my delay on my reply back!

I was doing some searching through our documentation, and it looks like this --origin-ca-pool option does need to be included in your command (specific to your origin’s Operating System) when initializing your tunnel, and then the parameter here requires that you specify the path (on your origin server) to the installed certificate.

If possible, may I have you give this a try and see if allows you to create your tunnel?

Was there any resolution on this? We have had out tunnel running for months and now all of a sudden we’re hitting this issue.