Hi all. A few questions about CNAME Setup for a WAF use case. We’re trying to decide whether we should upgrade from Pro to Business.
Is CNAME Setup enabled per-tenant, or per-domain? Is it possible to add AAA.com so that it uses CNAME Setup, but add BBB.com so that Cloudflare is configured as the authoritative DNS?
When adding multiple domains to a single Cloudflare account, does pricing change? If we wanted to use CNAME Setup for 1000 different domains, is it still the same monthly fee as only a single domain?!
We already have valid TLS certificates and keys for our FQDNs. If we’re using CNAME Setup for a given FQDN to utilize the Firewall feature, does Cloudflare issue a new cert, or can we just upload our pre-existing cert/key to Cloudflare?
What should we do when multiple FQDNs under a single domain all have separate certs – can we just upload each of them?
@erictung Many thanks! That clarifies things a lot.
Hmm…if this is indeed true (the plan comparison table does indeed list “1” for custom certs), and we wanted to continue using our existing certs, we’d have to utilize a wildcard cert for each domain
Nah, not really, I think. Maybe just avoiding “damaging” the business relationship we have with our longstanding current CA. Some end users might be wary of a non-major (read: Verisign, etc.) CA being the signer, but how many end users actually make the effort to check
Incidentally, do you happen to know whether Cloudflare’s WAF will ignore the TLS cert on the origin server being invalid (self-signed, expired, etc.)?
Ok, that’s interesting. Just for your information, Cloudflare is using DigiCert or Let’s Encrypt to issue an SSL cert to each domain.
I don’t think end users will really care about which CA you are using - as long as the cert is valid and the site is able to load without issues, then most probably end users won’t complain.
Nothing related to WAF. It’s the SSL Encryption mode affecting the behaviour of the connection between Cloudflare and server. Anyway, always use Full (strict) mode and nothing else.