Can we know what certificate Cloudflare sees at origin?

Let’s say that I am using SSL mode “Full” at the moment and SSL Certificate at origin is expired or not trusted, at this point the website appears to users as ‘secured’ because Cloudflare provides universal SSL and doesn’t care if cert at origin is valid or not.

Then I change origin certificate to be a trusted one, say from Let’s Encrypt. Is there a way to know what certificate does Cloudflare see at origin? So I can be sure that switching SSL mode to “Full (strict)” will definitely work and won’t show certificate error page in case the origin certificate isn’t trusted for some reasons.

Thanks.

Sadly, no. There’s no way to get a peek behind the scenes to know if it’s Flexible or Full (Strict). You’d have to manually test on your own:

To display the origin certificate (assuming one is installed), replace 203.0.113.34 below with the actual IP address of your origin web server and replace www.example.com with your domain and host name:

curl -svo /dev/null https://www.example.com --connect-to ::203.0.113.34 2>&1 | egrep -v "^{.*$|^}.*$|^* http.*$"

2 Likes

Thanks. This is exactly what I am looking for.

1 Like

There’s a related feature request

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.