Implementing Authenticated Origin Pulls

I have already ssl setup using Lets encrypt

ssl_certificate     /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;

I dont understand it as it says to put the file origin-pull-ca.pem and add these lines

ssl_client_certificate /etc/nginx/certs/Cloudflare.crt;
    ssl_verify_client on;

so i just download the file and put in my server and add these lines.

and The file type is .pem but it show .crt in those lines

Hello @vibhigupta9

The placeholder file name “Cloudflare.crt” is meant to be replaced with “origin-pull-ca.pem”. That is if you uploaded the file without changing it’s name.

The placeholder file path “/etc/nginx/certs/Cloudflare.crt” is meant to be replaced with the location that you decided to upload/keep your origin-pull-ca.pem certificate.

Hope this helps!

1 Like

I am really sorry, I am confused I downloaded origin-pull-ca.pem from support cloud-flare

Now the problem is i dont have Cloduflare.crt file.


You downloaded the right file. Place it where you keep your certificates and configure your setup to use it (i.e. point to it).

There is no such thing as a Cloudflare.crt file: it is a placeholder, as in, an example, not an actual file for you to download!

Change the above lines in your nginx configuration to where you uploaded your origin-pull-ca.pem. For example (and this will only work if /etc/nginx/certs/ is an actual directory that you use):

ssl_client_certificate /etc/nginx/certs/origin-pull-ca.pem;
ssl_verify_client on;

Let me know if that works!

1 Like

Thank You alot I was confused with Cloudflare.crt file and You explained it well, i implemented it and everything is working.

Is there anyway i can confirm its working or not?

This topic was automatically closed after 30 days. New replies are no longer allowed.