Check origin server SSL expiry


#1

Before activating our site on Cloudflare I could click the padlock and view our SSL certificate. Now I see the sni.cloudflaressl.com certificate, naturally.

We are using Full (Strict) crypto so we still have our privately bought SSL certificate on our origin server.

Is there a way to view or check our origin SSL now it is proxied? I would like to be able to check its expiry date.

Also does Cloudflare warn when the origin server certificate approaches its expiry date?


#2

You could either use the hosts file to temporarily redirect requests to the origin or use a tool like OpenSSL to establish an SSL connection to your server and check it that way.


#3

Thanks. Ok yes I thought about using my hosts file after posting the question. I’d just thought the Cloudflare dashboard might have had a tool for that somewhere around the crypto area.

Thanks, I will do that then!


#4

You could also create an additional DNS record with a long, unique hostname, which you do not proxy. Though that still always leaves room for someone to discover it (regardless of how unique it is) and leak your actual IP address.