Certificate bundle/trust chain

Hi all,

I am a bit confused about the certificate bundle/trust chain topic from what I have read and would ask for a conformation or help.

I need to forward a subdomain from let’s say coffee to a other domain let’s say tea
This is needed for a business case.

The company where we want to forward it, needs the following files to let the portal work properly.
Certificates in RSA 2048 bit format
Private key from subdomain (certificate.key)
Certificate from subdomain (certificate.crt)
Certificate bundle/trust chain (cabundle.crt)

I made under the tab DNS the following records:
Type: C NAME
Name: coffee
Content: tea
TTL: 1hr

I then went to the SSL tab > Origin Server.
clicked on create SSL.

Generate private key and CSR with Cloudflare: RSA(2048)
Hostnames: coffee
Certificate Validity: 15 years

After that I clicked on create button.
Key Format: PEM
Origin Certificate:
Private Key:

I copied the data from Origin Certificate and saved it to a textfile named certificate.crt
Then I copied the data from Private Key and saved it to a textfile named certificate.key

I downloaded the file origin_ca_rsa_root.pem from the Cloudflare server and renamed it to cabundle.crt

Could somebody confirm if I now meet the requirement that is needed to make the portal work properly? And if not could somebody help me out with this?

With kind regards,


When creating an origin certificate, there isn’t a certificate bundle. The cert is only good from your origin to Cloudflare. In this case, you would skip the cabundle.crt


Thank you for your reply but the company of the portal need those files to let it work properly.

I have read that it is not possible to download a cabundle from Cloudflare but I would guess there would be a solution for getting those files or make your own cabundle.

Monday is the deadline and the portal must be in use by then…
I hope somebody could provide me with an answer to make this happen.

@dev2 Here you have the Origin Root CA files (cabundle):

Source: Origin CA certificates · Cloudflare SSL/TLS docs


thx Lumito,

What you wrote is exactly what I have wrote/done,
I hope that this will work!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.