Cloudflare's SSL/TLS certificate shadowed mine

I bought DV certificate from Sectigo and installed it. Verified that browsers recognize it. All was fine and secure.

Then I added Cloudflare CDN(free plan). Now, all resources, are served over HTTPS (as they were without the CDN), over HTTP2 (as they were without CDN) but the certificate is Cloudflare’s, not mine. It is issued to sni.cloudflaresssl.com, issued by: Cloudflare Inc ECC CA-3 and valid for a year.

So, it completely shadowed my certificate rendering mine useless (?). So, if I had an OV certificate issued to my organization, then it would be “shadowed” by CDN. I sure don’t want that.

Question 1
What now? Can I install my Sectigo certificate onto CDN? If yes, will it even work, given that certificate was issued to another domain?

Question 2
How much certificates do I need in general in case of CDN:

  • 2 (one for CDN and one for website) or
  • 1 (the same certificate used both on the website server and CDN)? (don’t forget the case when CDN may be disconnected for some reason, and the traffic will go to origin server, meaning that this scenario has to be taken into account and be secure as well)

Question 3
Not sure this is a separate question, but I separated it. How do I make it so that even with CDN when users clicked on the padlock icon they were presented with my certificate and not Cloudflare’s?

This topic was automatically closed after 30 days. New replies are no longer allowed.