How to check if my Origin CA is working properly on Nginx

I just finished this tutorial and I would like to check if I configured everything as I should have in my Ubuntu. Is there a command or a way to check it?

For reference, my key and certificate are at:

ssl_certificate /etc/ssl/example.co.il.pem;
ssl_certificate_key /etc/ssl/example.co.il.key;

I am trying to follow this tutorial of creating an Origin CA:
https://support.cloudflare.com/hc/en-us/articles/115000479507#h_30e5cf09-6e98-48e1-a9f1-427486829feb

On Step 2 - Install an Origin CA certificate at your origin web server, I got confused.
Step 2.1 - Upload the Origin CA certificate - OK.
Step 2.2 - Use the linked installation guides below to update your web server configuration to point to the certificate - not clear to me.
For me it’s Nginx and this is the link: https://www.digicert.com/csr-ssl-installation/nginx-openssl.htm#ssl_certificate_install.

So after step 1 I have on my server 2 files:

/etc/ssl/example.co.il.pem;
/etc/ssl/example.co.il.key;

So I am at:

II. Nginx: Installing & Configuring Your SSL Certificate

What do I need to do here?
Should I click on Creating Your CSR with OpenSSL?

I think not; that’s what I did in Step 1.
So I go forward from there to:

How to Install and Configure Your SSL Certificate

Primary and intermediate certificates

  1. You should’ve received a your_domain_name.pem file from DigiCert in an email when your certificate was issued. This .pem file contains both your primary certificate and the intermediate certificate. If you have that .pem file, you can skip to step 4.
  2. If you need to concatenate your primary certificate and your intermediate certificate in to a single file, see step 2.

So I didn’t receive anything from DigiCert and I have 2 files, not a concatenated one.
And on section 2 it asks:

If you need to concatenate your primary certificate and your intermediate certificate in to a single file, see step 2.

Do I need to concatenate those files? I don’t know…

And most instructions there are not related at all to the Cloudflare result I got from Step 1 of the Cloudflare tutorial.

Does Cloudflare want me to create an account at DigiCert? I don’t understand what I need to do next…

Maybe just create a normal YouTube tutorial instead of complicating this issue!

I finished the tutorial of creating the Origin CA and I don’t know how to test it.

The easiest way to check if the Cloudflare Origin CA cert is working is to change your Cloudflare SSL mode from Flexible SSL or Full SSL to Full SSL (strict).

Full (strict) ensures a secure connection between both the visitor and your Cloudflare domain and between Cloudflare and your origin web server. Configure your origin web server to allow HTTPS connections on port 443 and present either a Cloudflare Origin CA certificate or a valid certificate purchased from a Certificate Authority. This certificate must be signed by a Certificate Authority that is trusted by Cloudflare, have a future expiration date, and cover the requested domain name (hostname).

Then if you visit your domain and there are no invalid SSL certificate errors and your site works fine, then the Cloudflare Origin CA cert setup is working and now Cloudflare edge servers are communicating with your origin web server’s HTTPS config using Cloudflare Origin CA SSL certs.

Or, in your case, look for 526 errors if the Origin CA setup isn’t working.

The Full (strict) SSL option checks for SSL certificate validity at the origin web server. A self-signed certificate cannot be used. A Cloudflare Origin CA certificate or valid certificate purchased from a Certificate Authority is required to avoid 526 errors.

1 Like
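
The conditions quoted in the answer above (a certificate with a future expiration date that covers the hostname), plus the key/certificate match nginx itself requires, can be checked offline on the server before switching to Full (strict). The script below is an added example, not part of the original posts or of Cloudflare's documentation. Its function names and return codes are this example's own, and the pair it generates is a constructed self-signed stand-in, which per the answer above would itself produce 526 errors under Full (strict).

```shell
#!/bin/sh
# Added example: offline checks on the pair nginx loads via ssl_certificate /
# ssl_certificate_key. Return codes 2-5 are this script's own convention.

check_origin_cert() {  # usage: check_origin_cert CERT KEY HOSTNAME
    cert=$1; key=$2; host=$3

    # Both files must parse; extract the public key from each.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }

    # nginx fails its config test if the key does not belong to the certificate.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; return 3; }

    # Full (strict) requires a future expiration date.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 4; }

    # Full (strict) requires the certificate to cover the requested hostname.
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "FAIL: certificate does not cover $host"; return 5; }

    echo "OK: $cert and $key are consistent for $host"
}

# Constructed demo pair (self-signed, valid 1 day) so the script runs offline.
make_demo_pair() {  # usage: make_demo_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.co.il" \
        -addext "subjectAltName=DNS:example.co.il,DNS:*.example.co.il" \
        -keyout "$1/example.co.il.key" -out "$1/example.co.il.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pair "$demo"
check_origin_cert "$demo/example.co.il.pem" "$demo/example.co.il.key" example.co.il
rm -rf "$demo"
```

On the server from the question, the call would be `check_origin_cert /etc/ssl/example.co.il.pem /etc/ssl/example.co.il.key example.co.il`, followed by `sudo nginx -t` to validate the configuration that references those files. Neither step verifies the issuer, so switching to Full (strict) and watching for 526 errors remains the end-to-end test.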

@eva2000

Thank you for your answer Eva.

I followed these instructions by Cloudflare and they are very unclear to me.
https://support.cloudflare.com/hc/en-us/articles/115000479507#h_30e5cf09-6e98-48e1-a9f1-427486829feb

I created a public key + private key at the Origin CA generator Cloudflare has and now I don’t know what I should do next.

I am at Step 2 of the instructions above that leads me to here:
https://www.digicert.com/csr-ssl-installation/nginx-openssl.htm#ssl_certificate_install

Do I need to pay for an SSL certificate at DigiCert? I am not sure what I need to do there.

The Cloudflare Origin CA cert is a free replacement by Cloudflare for either paid SSL certs or Let's Encrypt SSL certs, so no need to pay for an SSL cert.
