I have a website that I am hosting internally with an SSL certificate. I have added the domain and DNS record to Cloudflare. When I browse the website, I see that it's using the Cloudflare SSL certificate instead of the one assigned in IIS, which is from a 3rd-party CA. How do I go about not using the Cloudflare SSL and using the SSL cert I have on the server?

Most setups with Cloudflare have a Cloudflare-issued cert facing your users, and another certificate on your origin. This is the preferred and recommended setup.

If you need a particular cert facing your users you have two options. On Business and Enterprise plans you can upload your own certificate. Alternatively, you can grey-cloud the hostname, but this will mean your site gets none of the security or performance benefits of using Cloudflare.

It is relatively rare that there is a technical reason not to continue with your current setup.

Can I just disable Universal SSL? If I disable it, will it use the server's SSL certificate?

If you disable Universal SSL, Cloudflare cannot terminate TLS connections, so that is not a good idea.

Is there a special reason you need your own certificate visible to users?

External users are not having any problems. Internal users are getting SSL errors because it's pointing locally to the server and the SSL cert has expired. Also, what happens when the Universal SSL expires? Does it auto-renew?

OK. It sounds like you are using split horizon DNS.

You could (and should) install a valid cert on the internal IIS server. There are lots of Let's Encrypt clients that will do this automatically for you. Make sure you set the SSL mode in Cloudflare to Full or Full Strict.

Cloudflare-managed certificates (Universal, dedicated, ACM etc.) will auto-renew without intervention on your part, but that does not fix the issue with the internal server.
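
Added example, not part of the thread: a Python check that performs a verified TLS handshake against one specific IP (the internal IIS server, or a Cloudflare edge address) while sending the site's hostname as SNI, so the certificate served on each side of the split-horizon DNS can be compared. The 30-day warning window, the sample certificate and the command-line arguments are assumptions made for the example.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed renewal warning window, not a value from the thread

# Constructed sample in the dict shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {
    "notAfter": "Mar  1 12:00:00 2024 GMT",
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
}

def classify(cert, now=None):
    """Return (status, days_left, issuer_org) for a getpeercert() dict."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
    if expires <= now:
        status = "expired"
    elif days_left < WARN_DAYS:
        status = "expiring"
    else:
        status = "ok"
    return status, days_left, issuer.get("organizationName", "unknown")

def check_endpoint(hostname, ip, port=443, timeout=5):
    """Handshake with `ip`, using `hostname` for SNI and name validation."""
    ctx = ssl.create_default_context()  # validates against the system trust store
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # An expired or untrusted origin cert fails here, as it does for
        # internal users whose DNS resolves straight to the server.
        return "invalid: " + exc.verify_message, None, None

if __name__ == "__main__":
    # usage: python check_cert.py <hostname> <ip-to-test>
    host, ip = sys.argv[1], sys.argv[2]
    print(host, "via", ip, "->", check_endpoint(host, ip))
```

Run it once with the internal server's IP and once with the address external DNS returns; the issuer and expiry differ when Cloudflare terminates TLS for external users only.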

