I followed the Configuring Cloudflare for SaaS document to configure Cloudflare for SaaS.
Route traffic in the following way
Request to stevenshop.stawby.com(customer owned domain) → customers.tahitest-cldf1.com(SaaS provider owned subdomain) → fallback.tahitest-cldf1.com (fallback origin)
The certificate and hostname status for custom hostname stevenshop.stawby.com is Active after adding txt records and CNAME in customer’s domain registrar
The status for fallback origin fallback.tahitest-cldf1.com is Active.
The friendly CNAME is added, i.e., customers.tahitest-cldf1.com
Installed the origin certificate provided by Cloudflare in Azure web app.
The SSL/TLS encryption mode is set to Full(strict)
When I browse to customers.tahitest-cldf1.com in Chrome, everything works as expected, i.e., the web page loaded successfully, and secured by Cloudflare’s certificate.
When I browse to stevenshop.stawby.com in Chrome, the following error occurred, invalid ssl certificate, error 526.
After changing the SSL/TLS encryption mode from Full(strict) to Full, the following error occurred. Basically it asked me to add the custom domain stevenshop.stawby.com (owned by customer) in Azure web app as a custom domain and apply certificate binding.
I would prefer to use the Full(strict) mode and install Cloudflare issued certificate on my origin server (Azure web app). How can I fix this ssl certificate issue? Is there anything I miss configured?
Thanks Laudian.
This is Cloudflare for SaaS. custom hostname stevenshop.stawby.com is a third party hostname that CNAME to my domain (SaaS provider) in order to receive the performance and security benefits of Cloudflare.
The certificate and hostname status for this custom hostname stevenshop.stawby.com is Active by adding txt and cname records in customer’s domain registrar.
The customer should be able to connect to the origin server through Cloudflare without adding customer’s host name and binding certificate in Azure web app.
Add stevenshop.stawby.com as a custom domain in my origin server.
Binding a certificate for custom domain stevenshop.stawby.com. Can Cloudflare issue a free certificate for this custom domain stevenshop.stawby.com, or I have to go somewhere else to purchase one?
We were planning to use Cloudflare to manage our 2000 third-party custom domains, but it seems like we can’t offload these third-party domains to Cloudflare, we will still need to add custom domains and binding certificates in our server. The only benefits is to route all traffic to Cloudflare for inspection and then forward to the origin server.
