I have a domain on CF that has a number of entries proxied. I’ve enabled the universal / edge certificate and now, a new app that connects to the domain is throwing errors due to the TLS / SSL handshake not completing. Researching this has lead me to the (possibly wrong) conclusion that the R3 edge certificate is not trusted by all browsers, particularly by Windows clients. This conclusion is based on the host server being unable to browse the site due to an error message that I receive when I try to browse the site on the server:
The security certificate presented by this website was not issued by a trusted certificate authority.
Would upgrading the plan to include the ‘Advanced Certificate Manager’ (ACM) help? This page says the ACM allows you to choose the CA for the certificates, presumably this means that the certificate will no longer be issued by R3 and be rejected?
Is this the best option? I really want to use the DNS proxy but it seems this relies on an edge certificate and the cost of upgrading to the business plan (to use my own certificates) doesn’t seem to be justifiable for this single feature. Am I overlooking something?