How does one get a ROOT and INTERMEDIATE CA .PEM?

Hoe do I get these from an ORIGIN CERT for Cloudflare? I have created an ORIGIN .PEM - but it is causing errors in the browser without these other 2 parts.

Browsers will always show an error with an Origin certificate, as Origin certificates are not trusted by browsers but only by the proxies.

Make sure your server is properly configured with the certificate and your encryption mode is Full Strict and you are are all good.

1 Like

I have been trying to use the pfSense and Cloudflare configuration and HomeAssistant (is where I installed the origin.pem and privkey.pem file (just like the videos I have watched over and over). I have done this 12+ times. In my home browser (on my INT network) - I get CERT ERROR “you are not safe” message. Same externally - using port 2053.

In pfSense I have a NAT translation for 2053 >> 8123 (HomeAssistant port). also 443, and 8123 – I also have one for all of the proxies for CF - 2053 >> 8123. I get CERT errors everywhere.

When I was using DuckDNS - I did not have this problem - but I wanted to use my own domain that I just acquired…which is why I went with CF.

I changed them all from 2087 to 2053…but these are the FW NATs

The origin certificate will only work when you connect via Cloudflare, so you would expect to see errors when connecting to the port directly and internally. You might want to looks at something like LetsEncrypt which will issue fully valid certs and integrates into Cloudflare.

I will have to see if I can find video or instructions on that.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.