Cloudflare Origin Certificate Not Trusted Error and Validation

My DNS records are currently not proxied and I’ve installed the Cloudflare Origin certificate on my server. I’m accessing the site through HTTPS but the browser displays the untrusted SSL warning. I will turn on the proxy soon which will activate Universal SSL but I wanted to ask something before that.

I’ve learned that “the Cloudflare Origin certificate is a certificate that only Cloudflare trusts, not browsers. It secures traffic between Cloudflare and the website’s origin server. When you install the Cloudflare Origin Certificate, the traffic between Cloudflare and your origin server is encrypted and protected.”

So, is it normal for the SSL checker to display the untrusted warning for the Cloudflare Origin certificate?

Also, is it possible to achieve a certain validation for this certificate so that it becomes trusted, or does this defy its purpose? That is, it is not needed since the origin certificate is only used between Cloudflare and the origin. Once everything is proxied, the visitor communicates only with the Universal SSL and not the Origin.

Yes.

You need to have an SSL certificate on your origin server to actually have an encrypted connection.

The visitor communicates using the Universal SSL certificate, but Cloudflare wants an SSL certificate at the origin.

Thank you for the answer.

“You need to have an SSL certificate on your origin server to actually have an encrypted connection.”

Of course. But I was actually asking about the trust warning issue, and whether a validation would solve that problem, if this problem needs solving at all.

“Is it possible to achieve a certain validation for this certificate so that it becomes trusted”

I know that Cloudflare trusts their own certificate which is the whole point of it. I was just curious whether it would be possible to do some kind of certificate validation, like domain or other validation where browsers would be able to trust it. I’m sure this defies the purpose of the origin certificate - the connection between the origin and Cloudflare, which visitors don’t see anyway.

Also, the checker says this: “Verification error: self-signed certificate in certificate chain”.

You should be able to manually install the CA certificate in whatever SSL store you need.

The root certificate is self signed.
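
Added example, not part of the thread: the script below reproduces the checker's "self-signed certificate in certificate chain" result and shows that it disappears once the issuing root is supplied as a trust anchor. It assumes `openssl` is installed; the throwaway root CA, the file names and the hostname `origin.example.test` are constructed stand-ins for the Origin CA root and a real origin certificate.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway private root stands in for the Origin CA root;
# origin.example.test is a placeholder hostname, not a value from the thread.

# Build a self-signed root and a leaf certificate signed by it inside $1.
make_demo_chain() {
  local dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private Origin CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -new -config "$dir/ca.cnf" -subj "/CN=origin.example.test" \
    -newkey rsa:2048 -nodes -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$dir/leaf.csr" -days 30 -CA "$dir/ca.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null
}

# What a public checker sees: the server presents the root, but the verifier
# has no reason to trust it, so validation stops at the self-signed root.
check_without_root_trusted() {
  openssl verify -untrusted "$1/ca.pem" "$1/leaf.pem" 2>&1
}

# What a client sees once the root is installed as a trust anchor.
check_with_root_trusted() {
  openssl verify -CAfile "$1/ca.pem" "$1/leaf.pem" 2>&1
}

demo_dir=$(mktemp -d)
make_demo_chain "$demo_dir"
echo "--- root not trusted ---"
check_without_root_trusted "$demo_dir" || true
echo "--- root supplied as trust anchor ---"
check_with_root_trusted "$demo_dir"
rm -rf "$demo_dir"
```

With a real origin certificate, the CA certificate the last reply mentions takes the place of `ca.pem`.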
