Dedicated cert by cloudfare

dash-dns
dash-crypto
#1

Good morning I recently changed my dns records to Cloudfares and took notice that the Active Cert provided by Cloudfare do not point out to my domain name but to the repsective Dns record.In my origine server had Lets Encrypt installed ad since am using Cloudfare of course it has been bypassed.
I would like to ask what is the cost of a dedicated cert by Cloudfare and whether it will be pointing out to my domain and not the dns.I got bookings frequently on my site and cant afford oversights of the kind.
Is the paid version of Cloudfare resolving effectively this matter??
Thanks

#2

I am not sure what that is supposed to mean. Cloudflare certificates are issued for your domain in the same way as LetsEncrypt certificates are. The only difference is they contain the name in the SAN and not the CN. Technically that shouldnt make a difference though.

What is your domain?

#3

Should that be an issue for you nonetheless your only option would be to order a $5/month dedicated certificate.

split this topic #4

3 off-topic posts were split to a new topic: Certificates point

#5

My domain is psychicgeniemaria.com.My point is that whereas in my origin server my domain was mentioned in the padlock visibly for future customers now it aint.For exmple while under the authority of Lets Encrypt it was explicit that this cert provided for psychicgeniemaria.com.
Now and while Universal Cert kicking in my domain isnt mentioned in the padlock.Dont know how this affects credibility with potential customers given the fact got customers lined up.Is a dedicated cert more secure and trustworhty?
Thanks for your reply.

#6

Neither. The universal certificate works just as fine. The difference might be what it says in the certificate’s CN but hardly anyone will pay attention to that and the entire padlock situation will soon disappear anyhow (as browsers are moving to HTTPS by default). Should you really be concerned about the handful of people who might believe your site is not secure because your certificate’s CN mentions Cloudflare, your only option will be aforementioned dedicated certificate but I honestly do not think you need to go that route.

2 Likes
#7

Thanks for your prompt and fast response.Have set the SSL to Full-Strict dont know what the difference would be to the other ones full or flexible.But I understand your point.here.There is an option in Crypto a tab HTSPS-STRICT PROTOCOL .Should this tab be enabled in the Crypto section.?
Thanks again for your response.

#8

Flexible should never be used. If you want HTTPS it should be either Full or Full strict, preferably the latter as only strict will guarantee proper encryption.

As for your second question, are you referring to HSTS?

#9

Thanks for the clarification. Yes I mean the HSTS tab.Have enabled all the other tabs like the opportunistic encryption etc.

#10

You can enable HSTS and that will instruct browsers never to connect via HTTP but always via HTTPS, but keep in mind, should there be any issue with your HTTPS configuration you wont be able to switch to HTTP as browsers will continue to connect via HTTPS until the time limit has passed. So, only enable it once you have double checked your HTTPS configuration works fine.

#11

Now only thing I know is that in my wordpress the settings pointing out to HTTPS and not other.My knowledge goes as far as this.My server is Apache and wouldnt know anything else than this.Only thing that I can grasp here is that any time browsers try to open up the site through an http there is an automated redirection to https.

#12

As long as your site, outside of a Cloudflare context, is reachable on HTTPS everything is fine.

#13

Thanks for your assistance I will enable the tab then accordingly as by instruction and put a full stop here as my next questions do not relate to the matter.
Best Regards