Authenticated Origin Pulls

Hi,

Today I tried to enable Authenticated Origin Pulls. I copied
https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem
in /var/www/ folder.

In config I mentioned
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /var/www/origin-pull-ca.pem

Enabled Authenticated Origin Pulls in cloudflare.
But I am getting 525 error. Did I miss any point?

Do you have SSL enabled with a valid certificate also?

SSLEngine on
SSLCertificateFile      /path/to/signed_cert_and_intermediate_certs
SSLCertificateKeyFile   /path/to/private_key

Yes I have valid SSL certificate which is already enabled.

Can you run this command and share the results (sanitise the output to remove your origins IP and domain name, and everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)

openssl s_client -connect your-origin-ip-here:443 -servername www.yourdomainhere.com

Are you configured for Full, or Full (Strict)?

I am using Full Strict. I do see the certificate when I run the command. Don’t know much to share output here(I mean is it safe or not).

Delete your origin IP address (as that should be private).
Delete your domain name if you want it secret, but sharing it would help the community to help you.
Delete the -----BEGIN CERTIFICATE----- bit just because it is a big blob of useless text.

I do not think there is anything else in there that is sensitive.

Dropped the idea of implementing Authenticated Origin Pulls. Thanks for All your suggestions.

This topic was automatically closed after 30 days. New replies are no longer allowed.