Intranet SSL

Hi everyone! I have my own domain with dns in Cloudflare, since 2 weeks we are using Full (strict) and everything is working correctly but i can’t use the certificates for my intranet and work with it too. Before of cloudflare we do that with Letsencrypt and no issues but now we can’d do that.
Scenario: I have 5 servers with web server who are reached to the internet by a proxy server, so the host who are outside my intranet can access with the ssl correctly but the users inside my network can’t access with the ssl because this can’t verified. I’m certificating that in the proxy server and into the web server as the same way.

Any idea what can i do to solve it?

Hi there,

Have you installed Cloudflare Origin Certificates on your web server? Those will only work for connections between Cloudflare and your origin.

Yes i have installed that into the proxy server and are working correctly. The issue begins when my internal users want to access to the internal servers who has the same origin certificates that the proxy servers. I think there are not with valid ssl because the traffic don’t pass between the origin server and cloudflare.

You are correct. Cloudflare Origin Certificates use a certificate authority that is only trusted by Cloudflare.

If you need to connect directly to your origin over HTTPS, your web server must present a trusted certificate. I would recommend you use Let’s Encrypt.

Is possible to use Let’s Enctypt internally and externally cloudflare origin certificates?

Yes, it should be possible to configure your web server to present a different certificate for specific source IPs.

How it is done depends on your setup and is beyond the scope of this forum.

If you’re using LE internally, you shouldn’t need the Cloudflare origin certificate.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.