I started to use cloudflare ssl service as free option. I have a windows server that my site runs on iis 8.5 version. I activated certificate on my web site kuzguncukaktari.com but I didn’t set anything on the serverside. But as I set flexible option on the cloudflare dashboard, https access work properly. I couldn’t setup certificate with the given pem and key content. Do I have to setup the certificate settings also? Or cloudflare access is sufficient? Thank you
If you want the traffic between Cloudflare and your server to by protected from sniffing by ISPs/governments in the middle and/or MITM attacks, you must set up TLS on your server: Either with a real certificate (there are free ones) where even if you pause Cloudflare, your users will be able to directly access your site securely (but that means changing certificates every now and then; Which can be automated if you use a CA like Let’s Encrypt) or… you can use Cloudflare’s origin certificate, which is very long term, but is not trusted by browsers (so if you disable Cloudflare, your users will get an invalid certificate warning). The choice is yours.