Customer unable to connect after configuring Cloudflare for SaaS


I followed the Configuring Cloudflare for SaaS document to configure Cloudflare for SaaS.

Route traffic in the following way
Request to owned domain) → provider owned subdomain) → (fallback origin)

The certificate and hostname status for custom hostname is Active after adding txt records and CNAME in customer’s domain registrar

The status for fallback origin is Active.

The friendly CNAME is added, i.e.,

Installed the origin certificate provided by Cloudflare in Azure web app.

The SSL/TLS encryption mode is set to Full(strict)

When I browse to in Chrome, everything works as expected, i.e., the web page loaded successfully, and secured by Cloudflare’s certificate.

When I browse to in Chrome, the following error occurred, invalid ssl certificate, error 526.

After changing the SSL/TLS encryption mode from Full(strict) to Full, the following error occurred. Basically it asked me to add the custom domain (owned by customer) in Azure web app as a custom domain and apply certificate binding.

I would prefer to use the Full(strict) mode and install Cloudflare issued certificate on my origin server (Azure web app). How can I fix this ssl certificate issue? Is there anything I miss configured?


Seems fairly straightforward. Didn’t this fix your problem?

Thanks Laudian.
This is Cloudflare for SaaS. custom hostname is a third party hostname that CNAME to my domain (SaaS provider) in order to receive the performance and security benefits of Cloudflare.
The certificate and hostname status for this custom hostname is Active by adding txt and cname records in customer’s domain registrar.
The customer should be able to connect to the origin server through Cloudflare without adding customer’s host name and binding certificate in Azure web app.


No, this is not something Cloudflare can control. You really need to add the domain to your Azure configuration.

1 Like

Thanks Laudian.
Just want to make sure I’m doing the right configuration.
I’ve added the custom host in Cloudflare

Next Steps:

  1. Add as a custom domain in my origin server.
  2. Binding a certificate for custom domain Can Cloudflare issue a free certificate for this custom domain, or I have to go somewhere else to purchase one?


You can use the same Origin certificate (if it contains the customers domain name).

Thanks Laudian.
The origin certificate can only add my domain and subdomains (SaaS provider), not the third-party domains like

We were planning to use Cloudflare to manage our 2000 third-party custom domains, but it seems like we can’t offload these third-party domains to Cloudflare, we will still need to add custom domains and binding certificates in our server. The only benefits is to route all traffic to Cloudflare for inspection and then forward to the origin server.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.