Certificate Chain (OKTA)

I’m having trouble generating the Certificate Chain. We currently have a domain in OKTA whose SSL certificate is going to expire, but the problem is that OKTA asks me for the Certificate Chain, and I don’t know where to get it in Cloudflare.

I have the Origin Certificate and Private Key, but I don’t know where to get the other one.

I can’t envision a scenario where you’d want to use a Cloudflare origin certificate in Okta. An Origin certificate is a self-signed certificate from Cloudflare, not trusted by browsers by default, and meant to secure communications between Cloudflare’s edge and an origin.

The info for the cert chain is here: Origin CA certificates · Cloudflare SSL/TLS docs, but you really should be using a real certificate from a CA.

I have reviewed that documentation from head to toe and I don’t see anything that refers to the Certificate Chain.

Does Okta ask you:

a) Certificate + Private key + Chain (cabundle), or
b) Full certificate chain + Private key?

If it’s the first one, you can download Cloudflare’s Origin CAs through @cscharff’s post, or via the following links:

If your case is case b), then download the corresponding Origin CA, and append it to your Origin Server certificate.

Hope it helps!
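The case b) step above (appending the Origin CA to the origin certificate), as an added example that is not part of the thread: it assembles the bundle leaf first, which is the conventional order for a full-chain PEM, and checks it against the private key and the CA before upload. The function names and file names are hypothetical, the `openssl` CLI is assumed to be installed, and the CA and leaf in `demo` are constructed throwaway certificates, not Cloudflare's.

```shell
#!/usr/bin/env bash
# Added example. The CA and leaf generated in demo() are constructed throwaway
# certificates standing in for the Origin CA root and the origin certificate.

# Leaf first, then the issuing CA. awk re-terminates every line, so a file
# missing its final newline (or saved with CRLF) cannot fuse two PEM blocks.
build_fullchain() {   # build_fullchain <leaf.pem> <ca.pem> <out.pem>
  awk '{ sub(/\r$/, ""); print }' "$1" "$2" > "$3"
}

# Prints "ok" or the first problem found; returns non-zero on failure.
check_fullchain() {   # check_fullchain <fullchain.pem> <key.pem> <ca.pem>
  local n
  n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
  [ "$n" -ge 2 ] || { echo "expected leaf + CA, found $n certificate(s)"; return 1; }
  # openssl reads only the first PEM block of the file: that must be the leaf,
  # so its public key has to equal the one derived from the private key.
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] ||
    { echo "first certificate does not match the private key"; return 1; }
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
    { echo "leaf was not issued by the supplied CA"; return 1; }
  echo "ok"
}

demo() {   # prints the result for a correct bundle, then for a reversed one
  local d
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=login.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial 1 -days 1 -out "$d/leaf.pem" 2>/dev/null
  printf '%s' "$(cat "$d/leaf.pem")" > "$d/leaf_nonl.pem"   # drop final newline
  build_fullchain "$d/leaf_nonl.pem" "$d/ca.pem" "$d/fullchain.pem"
  check_fullchain "$d/fullchain.pem" "$d/leaf.key" "$d/ca.pem"
  build_fullchain "$d/ca.pem" "$d/leaf_nonl.pem" "$d/reversed.pem"
  check_fullchain "$d/reversed.pem" "$d/leaf.key" "$d/ca.pem"
  rm -rf "$d"
}

demo
```

With real files, the same two functions take the downloaded origin certificate, the matching Origin CA root and the private key in place of the generated ones.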

As they say: “There is no worse blind than the one who does not want to see” hehe. I have really achieved it, thank you very much @Lumito @cscharff

I did as he told me @cscharff
