Ask: Cloudflare API generate origin cert

Hi All,

I’d like to try using an API token within my Ansible playbook to generate an origin certificate, and I’m wondering if I can generate the origin certificate without needing to have a CSR in the API variables? From the web panel in Cloudflare I can generate the private key and CSR with Cloudflare.
Below is the playbook task I am currently testing; please feel free to correct me if I'm wrong.

    - name: uri module
      ansible.builtin.uri:
        url: "https://api.cloudflare.com/client/v4/certificates"
        method: POST
        headers:
          Content-Type: application/json
          Authorization: "Bearer <token>"
        body_format: json
        body:
          # the API expects a list of hostnames
          hostnames:
            - "domain.com"
          requested_validity: 5475
          request_type: "origin-ecc"
          csr: ""

Many thanks & appreciate your help

The API does require a CSR.

https://api.cloudflare.com/#origin-ca-create-certificate

Many thanks Sandro,
I tried to check on my Cloudflare account, and based on the Cloudflare doc, to generate a CSR one should go to:

  • SSL / TLS → Edge certificates.
  • On Certificate Signing Request (CSR), click Generate.

But somehow I don't see a button / menu for "Certificate Signing Request (CSR)" on that menu; perhaps I misunderstand something related to CSR.

You wouldn’t generate the CSR on Cloudflare, but with any other regular tool, for example OpenSSL.

1 Like

Many thanks Sandro. Sorry, but perhaps you know why, when using the Cloudflare API, we need to use the CSR, unlike when using the Cloudflare web UI, where we have 2 options when we want to generate origin server (either automatically from Cloudflare or using a CSR by inputting our CSR key)?

Are there perhaps any advantages when we create an origin cert with a CSR instead of automatically from Cloudflare?

The only advantage with a CSR is that you keep the key on your side, whereas when you create it via the UI, Cloudflare could keep it in theory.

If you want to call the API, just pass along your CSR and the certificate should be issued just fine.

2 Likes
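As an added example that is not part of the original thread: one way to follow the advice above with OpenSSL, generating the key and CSR locally and sending only the CSR to the endpoint used in the playbook. The function names, the `origin.key` / `origin.csr` file names and the `CF_API_TOKEN` environment variable are assumptions made for this sketch; the request fields are the ones from the playbook in the question.

```shell
#!/bin/sh
# Added example, not from the thread. File and function names are placeholders.
set -eu

# Reject anything that is not a plain (optionally wildcard) hostname, since the
# value is interpolated into the CSR subject and the JSON body below.
check_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.*-]*) echo "invalid hostname: $1" >&2; return 1 ;;
  esac
}

# Create a P-256 key and a CSR in directory $2. Runs in a subshell so the
# restrictive umask (key readable by owner only) does not leak to the caller.
make_origin_csr() (
  check_host "$1" || exit 1
  umask 077
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$2/origin.key" || exit 1
  openssl req -new -key "$2/origin.key" -subj "/CN=$1" -out "$2/origin.csr"
)

# Print the JSON body for POST /client/v4/certificates. Only the CSR (public
# material) goes into the request; the private key stays in origin.key.
build_request_body() (
  check_host "$1" || exit 1
  # JSON strings cannot contain raw newlines; PEM text needs no other escaping.
  csr=$(awk 'BEGIN { ORS = "\\n" } { print }' "$2")
  printf '{"hostnames":["%s"],"requested_validity":5475,"request_type":"origin-ecc","csr":"%s"}\n' \
    "$1" "$csr"
)

# Send the body with the API token from the environment (needs network access).
submit_csr() {
  curl -sS -X POST "https://api.cloudflare.com/client/v4/certificates" \
    -H "Authorization: Bearer ${CF_API_TOKEN:?set CF_API_TOKEN}" \
    -H "Content-Type: application/json" --data "$1"
}

# Usage: sh origin_csr.sh domain.com ./out
if [ "$#" -ge 2 ]; then
  make_origin_csr "$1" "$2"
  submit_csr "$(build_request_body "$1" "$2/origin.csr")"
fi
```

Reading the token from the environment keeps it out of the script and the playbook, in the same way that generating the key locally keeps it out of the API request.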
