Implementing Authenticated Origin Pulls

I have already ssl setup using Lets encrypt

ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

I dont understand it as it says to put the file origin-pull-ca.pem and add these lines

ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
    ssl_verify_client on;

so i just download the file and put in my server and add these lines.

and The file type is .pem but it show .crt in those lines

Hello @vibhigupta9

The placeholder file name “Cloudflare.crt” is meant to be replaced with “origin-pull-ca.pem”. That is if you uploaded the file without changing it’s name.

The placeholder file path “/etc/nginx/certs/cloudflare.crt” is meant to be replaced with the location that you decided to upload/keep your origin-pull-ca.pem certificate.

Hope this helps!

1 Like

I am really sorry, I am confused I downloaded origin-pull-ca.pem from support cloud-flare

Now the problem is i dont have Cloduflare.crt file.

@vibhigupta9

You downloaded the right file. Place it where you keep your certificates and configure your setup to use it (i.e. point to it).

There is no such thing as a cloudflare.crt file: it is a placeholder, as in, an example, not an actual file for you to download!

Change the above lines in your nginx configuration to where you uploaded your origin-pull-ca.pem. For example (and this will only work if /etc/nginx/certs/ is an actual directory that you use):

ssl_client_certificate /etc/nginx/certs/origin-pull-ca.pem;
ssl_verify_client on;

Let me know if that works!

1 Like

Thank You alot I was confused with cloudflare.crt file and You explained it well, i implemented it and everything is working.

Is there anyway i can confirm its working or not?