It seems the traffic from the origin server to Cloudflare would be exposed if the origin server didn’t have a cert.
Yes.
2 Likes
Thanks for that link, it says
Make sure you have “Full Strict” selected here. Only when you have that mode selected you’ll have a guarantee that Cloudflare will verify the connection and will not allow third parties to take over your data. Anything else and it will be as if you had no certificate or one that can’t be verified (-> certificate warning) and will put your data and the data of your visitors at risk.
So I guess the answer is ‘No, you always need a cert, but CF will set you up with one. Just go to SSL/TLS->Origin Server and generate it.’ Maybe it’s a bit confusing the CF offers Flexible/Full if those modes are vulnerable.
2 Likes