Corrupted Cloudflare Origin Certificate

Hi,

I created a Cloudflare Origin certificate to communicate between Cloudflare and my server through SSL. But when I want to decode it using https://www.sslshopper.com/certificate-decoder.html it says "We were unable to decode this certificate. It may be corrupt or in an incorrect format."

I tried several times to recreate the certificate but I can never pass the decoder.

I can’t figure out what to do next.
Thank you

I’m pretty sure those certificates won’t validate outside of Cloudflare. Other than the SSL Shopper warning, is something actually broken?

Thanks @sdayman for helping.

I’m trying to add them to Runcloud.io but they seem to be broken there as well. Are they real certificates? Are they valid?

My understanding was that I could use these origin certificates on my Nginx to communicate in SSL to Cloudflare. Is this correct?

No, the site can display Origin certificates. There must be a problem with your input.

Thanks @sandro.

Do you refer to sslshopper.com? I just copy/pasted the certificate from Cloudflare to the site, and I receive the corrupted error message. Also the certificate fails at Runcloud.io.
Is there another way to verify the origin certificate?

Can you post the certificate here?

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

I use Origin Certificates in my Runcloud account. And they’re working with Full (Strict) mode.

You put both certificates in the right spots?

Thanks @sdayman

Yes I use Full Strict mode, and I put the origin certificate and the private key as well. But they look invalid to Runcloud.

Did you make sure the key format for the origin cert is the default PEM format?

The certificate you posted simply is invalid. Make sure you really copy everything.

Thanks @sandro @eva2000

I just copy/pasted what Cloudflare showed me as the certificate. I have no idea how I could do that differently. What’s the correct way to copy/paste the certificate? How can I verify it?

It is all in one line, whereas Cloudflare would display it as

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Can you post a screenshot of the certificate output? Just make sure the private key is not part of the screenshot.

I agree it was all in 1 line, that’s exactly what I have when I copy/paste. It looks on multiple lines on the screenshot (please see screenshot below) but when I copy/paste it’s all on 1 single line.

Also I have tried multiple times to add \n after -----BEGIN CERTIFICATE----- and before -----END CERTIFICATE-----, but it validates neither in sslshopper.com nor in Runcloud.

The string in your screenshot does not match what you originally posted (e.g. fourth line). I can only repeat, make sure you copied it correctly.

This would appear to be the right certificate and it validates as well

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@sandro The screenshot is what Cloudflare shows me. When I select the text and copy/paste, all is in 1 single line. Is this normal? I use Chrome.

I tried to validate the certificate you just posted and it doesn’t validate on sslshopper.com.

Check your local machine if it is compromised in any way or if there is anything that tampers with the clipboard. Also, try it on another machine.

@sandro you were right, the copy/paste on Chrome strips the ends of lines, which messes up the PEM format. Terrible!!

With Firefox, it worked fine.

Thank you so much for your help!

@cloonan sounds like a bug in Chrome then? I tested in the Opera web browser and it’s fine.
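
The two failure modes discussed in this thread (line breaks lost on paste, and characters missing from the copy) can be told apart locally before uploading a certificate anywhere. The following is an added example, not code from any poster or from Cloudflare: `repair_pem` and `der_length_ok` are hypothetical helper names, the sample input is constructed filler rather than a real certificate, and the check is structural only (it does not verify signatures or trust).

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if der is one outer ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: the length is this byte
        header, body_len = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body_len == len(der)

def repair_pem(text: str) -> str:
    """Re-wrap a certificate whose line breaks were lost; raise if data is missing."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no BEGIN/END CERTIFICATE markers found")
    body = "".join(m.group(1).split())    # drop spaces/newlines left by the paste
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:             # binascii.Error is a ValueError subclass
        raise ValueError(f"body is not valid base64: {exc}") from None
    if not der_length_ok(der):
        raise ValueError("decoded data is truncated or not a DER SEQUENCE")
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"{BEGIN}\n{wrapped}\n{END}\n"

# Constructed sample (not a real certificate): a SEQUENCE header + 256 filler bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
ONE_LINE = f"{BEGIN}{SAMPLE_B64}{END}"    # what a newline-stripping paste produces

if __name__ == "__main__":
    print(repair_pem(ONE_LINE))
```

A `ValueError` here means the paste lost characters, not just line breaks, so the certificate has to be copied again rather than re-wrapped.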
