Hide shared domains from the SSL certificate


#1

I just added several new domains to Cloudflare. The domains were added through different Cloudflare accounts (my client’s one and my personal one). Both domains return sni.cloudflaressl.com during the SSL lookup. The only domains listed on the certificate are .mydomain.com, *.mydomain.com and sni.cloudflaressl.com.
All of this is great!

I have domains that were added to Cloudflare 6 months to 2 years ago. Those domains use certificates sni11184.cloudflaressl.com (or similar) with a bunch of shared domains listed as common names. I know it’s a common problem, but many of the domains listed on the certificate are adult content or obvious spam. Certificate issuers: Sectigo and Comodo.

QUESTION: Is Cloudflare using a new way to issue certificates? If so, is it possible to reissue certificates for my old domains so that the SSL lookup returns a cleaner response?


#2

I believe @sdayman attempted that recently but once he re-enabled universal SSL he still got a certificate with the same SANs. There is a chance your certificate might get cleaned up the next time it is renewed, but I’d open a support ticket to clarify that.

@cloonan @cscharff


#3

Yes, now they are a trusted CA. Please see: