I followed the Configuring Cloudflare for SaaS document to configure Cloudflare for SaaS.
Route traffic in the following way
stevenshop.stawby.com(customer owned domain) →
customers.tahitest-cldf1.com(SaaS provider owned subdomain) →
fallback.tahitest-cldf1.com (fallback origin)
The certificate and hostname status for custom hostname
stevenshop.stawby.com is Active after adding txt records and CNAME in customer’s domain registrar
The status for fallback origin
fallback.tahitest-cldf1.com is Active.
The friendly CNAME is added, i.e.,
Installed the origin certificate provided by Cloudflare in Azure web app.
The SSL/TLS encryption mode is set to Full(strict)
When I browse to
customers.tahitest-cldf1.com in Chrome, everything works as expected, i.e., the web page loaded successfully, and secured by Cloudflare’s certificate.
When I browse to
stevenshop.stawby.com in Chrome, the following error occurred, invalid ssl certificate, error 526.
After changing the SSL/TLS encryption mode from Full(strict) to Full, the following error occurred. Basically it asked me to add the custom domain
stevenshop.stawby.com (owned by customer) in Azure web app as a custom domain and apply certificate binding.
I would prefer to use the Full(strict) mode and install Cloudflare issued certificate on my origin server (Azure web app). How can I fix this ssl certificate issue? Is there anything I miss configured?
Seems fairly straightforward. Didn’t this fix your problem?
This is Cloudflare for SaaS. custom hostname
stevenshop.stawby.com is a third party hostname that CNAME to my domain (SaaS provider) in order to receive the performance and security benefits of Cloudflare.
The certificate and hostname status for this custom hostname
stevenshop.stawby.com is Active by adding txt and cname records in customer’s domain registrar.
The customer should be able to connect to the origin server through Cloudflare without adding customer’s host name and binding certificate in Azure web app.
No, this is not something Cloudflare can control. You really need to add the domain to your Azure configuration.
Just want to make sure I’m doing the right configuration.
I’ve added the custom host
stevenshop.stawby.com in Cloudflare
stevenshop.stawby.com as a custom domain in my origin server.
- Binding a certificate for custom domain
stevenshop.stawby.com. Can Cloudflare issue a free certificate for this custom domain
stevenshop.stawby.com, or I have to go somewhere else to purchase one?
You can use the same Origin certificate (if it contains the customers domain name).
The origin certificate can only add my domain and subdomains (SaaS provider), not the third-party domains like
We were planning to use Cloudflare to manage our 2000 third-party custom domains, but it seems like we can’t offload these third-party domains to Cloudflare, we will still need to add custom domains and binding certificates in our server. The only benefits is to route all traffic to Cloudflare for inspection and then forward to the origin server.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.