I’m having trouble generating the Certificate Chain. We currently have a domain in OKTA, which is going to expire the SSL certificate, but the problem is that in OKTA they ask me for the Certificate Chain, which I don’t know where to get it in Cloudflare.
I have the Origin Certificate and Private Key, but I don’t know where I get the other one.
I can’t envision a scenario where you’d want to use a Cloudflare origin certificate in Okta. An Origin certificate is a self signed certificate from Cloudflare not trusted by browsers by default and meant to secure communications between Cloudflare’s edge and an origin.
There info for the cert chain is here: Origin CA certificates · Cloudflare SSL/TLS docs but you really should be using a real certificate from a CA.
I have reviewed that documentation from head to toe and I don’t see anything that refers to the Certificate Chain.
Does Okta ask you:
a) Certificate + Private key + Chain (cabundle), or
b) Full certificate chain + Private key?
If it’s the first one, you can download Cloudflare’s Origin CAs through @cscharff post, or via the following links:
If your case is case b), then download the corresponding Origin CA, and append it to you Origin Server certificate.
Hope it helps!
As they say: “There is no worse blind than the one who does not want to see” hehe. I have really achieved it, thank you very much @Lumito @cscharff
I did as he told me @cscharff
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.