Cloudflare Origin CA Certificate installation on server cPanel

I installed a Cloudflare Origin CA Certificate on the origin server via cPanel. It expires after 15 years. On Cloudflare, I then changed the SSL/TLS encryption mode to Full (Strict). However, the website is still showing the Cloudflare certificate expiry date as July 2021.

My guess is that the expiry date of the website cert is actually the expiry date of the universal Cloudflare SSL, which will auto-renew in July. Would that be correct?

Then, how is the other certificate that I installed on the origin server going to be used?

Yes.

It is used to secure the connection between Cloudflare's servers and your Origin server. With Full (Strict) in place Cloudflare will refuse to talk to an Origin that is unable to respond with a valid certificate for your domain name.

Thanks @michael
So, how do I know if the Full (Strict) mode is actually working as there is no way to confirm this from the browser? Would it simply fail to load the website if it identified the issue with the Cloudflare Origin CA Certificate or didn’t find one installed on the origin server; or perhaps display Error 525 or 526?

With the Cloudflare Origin CA Certificate on the origin server, could I also set the SSL/TLS encryption mode to Full instead of Full (Strict)? Which one would be the better option?

If you set SSL/TLS to Full (Strict), then yes, you’d see a 525 or 526 if the cert on your server became invalid. With that in mind, you really want to continue using Full (Strict) to ensure that nobody is intercepting traffic with an invalid certificate.

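Added example, not part of the original thread: the browser only ever shows the edge (Universal SSL) certificate, so the origin certificate has to be inspected by connecting to the origin directly. This sketch assumes OpenSSL 1.0.2 or later; the function names and the sample IP and hostnames are illustrative. On a correctly configured origin the issuer line should name Cloudflare's Origin CA rather than the public CA seen in the browser.

```shell
#!/usr/bin/env bash
# Added example: inspect the certificate an origin presents behind Cloudflare.
# Function names and the sample host/IP are illustrative assumptions.

# Fetch the leaf certificate (PEM) straight from the origin, sending the
# site name as SNI so the right virtual host answers.
fetch_cert() {            # usage: fetch_cert ORIGIN_IP HOSTNAME
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Print who issued the certificate and when it expires.
cert_summary() {          # usage: cert_summary CERT.pem
  openssl x509 -in "$1" -noout -issuer -enddate
}

# Succeed only if the certificate is unexpired and names HOSTNAME.
# (Trust-chain validation is not covered here.)
cert_ok_for_host() {      # usage: cert_ok_for_host CERT.pem HOSTNAME
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

work=$(mktemp -d)
if [ "$#" -eq 2 ]; then
  # Live check, e.g.: ./origin-cert.sh 203.0.113.10 example.com (placeholders)
  fetch_cert "$1" "$2" > "$work/cert.pem"
  host=$2
else
  # Offline demo on a constructed self-signed certificate.
  host=example.test
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Constructed Demo CA/CN=$host" \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
fi
cert_summary "$work/cert.pem"
if cert_ok_for_host "$work/cert.pem" "$host"; then
  echo "OK: certificate is unexpired and covers $host"
else
  echo "FAIL: certificate is expired or does not cover $host"
fi
rm -rf "$work"
```

If the origin's firewall only admits Cloudflare's addresses, run the live check from the origin server itself.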