Different Certs on Different Endpoints?

We are using CF provided Univeral SSL. We just migrated a client behind our CF protect domain. The client has an issue with one of their processes connecting, and they have traced it to an SSL issue.
The certificate they are looking at is not the same certificate I am looking at for the same URL. This brings me to the question:

When CF issues a universal SSL cert… is that certificate used across all CF endpoints clients would connect to? Is there a possibility that clients in different locations connecting to different CF endpoints would see different certificates?

Thanks for any and all insight.

If you’re only using Universal SSL, yes.

https://developers.cloudflare.com/ssl/ssl-tls/certificate-and-hostname-priority/#certificate-deployment

As per the above documentation, if you use SSL for SaaS or Advanced Certificate Manager then you might have multiple certificates in which case there’s specificity and priority which determines which is presented.

You can sort of check by searching the SSL certificate transparency logs to see what SSL certificates have been issued for your domain at https://crt.sh/. For example for Cloudflare’s own domain SSL certs https://crt.sh/?q=*.cloudflare.com

Thanks for the quick response!!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.