Easy SSL Question, can't find an answer I understand

First, thank you for your help.

Second, I’m not an expert IT person, but instead a healthcare provider trying to run a small non-profit website, securely.

I started using cloudflare last year, have been on free plan, using universal SSL option.

On windows 2016 server, IIS 8

I’d like to arrange the Cloudflare settings so I can have https url line Lock symbol status using my own domain name, not the sni.cloudflaressl.com certificate.

Is it my understanding that I need to purchase a $5/mo Edge Certificate from Cloudflare? If so, I don’t understand how this can be full encryption from viewer to cloudflare to my server if I have not installed on my server or used a CSR to generate?

Can anyone put in basic terms what I’ve missed or need to do, in order to get full domain branded ssl from viewer to cloudflare to my origin server?

Many thanks,
Stephen

Hi @stephen11,

The Dedicated $5/month will get you a certificate that shows to your visitor with your domain name in the ‘Issued to’ field.

Precisely, if you don’t have a certificate on your server, the second part of the connection between Cloudflare and your server is insecure. You need to get a certificate installed there and make sure your SSL/TLS mose in Cloudflare is set to Full (strict). You can get a certificate for your origin server from Cloudflare for free or from another provider like Let’s Encrypt.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.