I have sites on a Microsoft IIS server, each with an SSL certificate from GoDaddy. If I proxy all these sites through Cloudflare using “Full” encryption mode, do I no longer need the GoDaddy certificates at all?
The description for that item says “Encrypts end-to-end, using a self signed certificate on the server” but it doesn’t say what that means. Do I need to create a self-signed certificate, or will it just work magically if I have it on “Full”?
It says exactly what that means in quite specific language.
It is also not secure. The only secure setting is Full (Strict).
SSL is not magic. You need to maintain a valid certificate on your origin server as long as it is active. You can use an automated CA like Let’s Encrypt or a commercial certificate. If you only allow connections proxied through Cloudflare, a Cloudflare Origin CA certificate will work. You can learn more about Cloudflare Origin CA certificates and Full (Strict) in the following Community Tutorial.
Thanks! So I would create a separate “Origin Certificate” in Cloudflare for every site, bind those to the respective sites in IIS, then enable “Full (Strict)”? At that point Cloudflare would generate an Edge certificate? And then I would have true full encryption with no need of GoDaddy certificates?