I have a question that may have been answered and I just haven’t figure out the right term, if so feel free to direct me. If not, here’s my question:
- I’m fairly new to Cloudflare and am taking over an account that was created by someone else. I see something that looks odd to me under my Edge Certificates tab. I have 5 hosts entries all of which contain a duplicate found in another entry, for example let’s say my domain is
bar.com, my entries look like:
Hosts Type Status Expires on
bar,com, survey,bar,com Advanced Active 2022-01-01
*,sso,bar,com, sso,bar,com, Advanced Active 2022-01-02
test,bar,com, bar,com, Advanced Active 2022-01-01
*,status,bar,com, *,bar,com, Advanced Active 2022-01-01
*,bar,com, bar,com Advanced Active 2022-01-01
As you can see,
bar.com appears in every hosts entry and
*.bar.com appears in most hosts entry. It seems like there’s overlap here. If I try to relate this to certificates with alias it would seem to me that every certificate I have includes as an alias
bar.com and most have an alias as
*,bar,com. I’m trying to think what the overlap may result in. I don’t see what if any value there would be to have such overlap, I would think that a single entry with
*,bar,com would suffice for my needs and the other entries, such as
survey,bar,com should stand well on it’s own. My expectation is that Cloudflare would perform lazy evaluation so the first URL that matches a cert CN will send that cert and the URL that matches the DNS proxy entry will serve the content, which is why Cloudflare doesn’t bind a cert with a specific proxy.
- Basically my question is, should I avoid having hosts with overlapping certificate CNs? Or is Cloudflare robust enough that I can have 100 hosts entries and each of them can contain
*,bar,comas well as any other CNs that I want?
PS sorry about the weirdness, I was getting an error that only 4 links were allowed so I used commas instead of periods in my domains.