We have a client device with a certificate pinned, but the certificate has expired and been updated on our Cloudflare. We are unable to update the certificate on the device without it being able to connect to our server, and it is unable to connect because it is using an old certificate. We have looked at the public cert on the client device and see the actual expiry is Dec 31, 24, but Cloudflare updated it already. How do we get the original private cert back? Would advanced certificate management be able to help us at all? We use a normal edge certificate.
What steps have you taken to resolve the issue?
We have made SSL flexible and created a proxy server, but the client device requires certificate verification, so we are unable to bypass this without the original certificate.
Was the site working with SSL prior to adding it to Cloudflare?
Thanks for the reply. We now know it is dangerous and will improve our system, but right now we are just trying to figure out how to get it back online. We were basing the certificate replacement time frame on the following document: Renewal and expiration · Cloudflare SSL/TLS docs, which states “If no valid replacement is available, Cloudflare will remove the custom certificate after it expires,” but we realize that was for custom certificates, not universal certificates.
Our hope is that if the certificate is not expired, it still exists somewhere, and we can somehow regain communication with our devices to move away from pinned certs.
You will probably need to manually update the affected devices.
I will ask around if there is a way to recover the certificate, but I really doubt it. I don’t see why Cloudflare would keep the certificates and not delete them.