Issue with binding origin server to my apache httpd server for my website

Hi, I need help.
I got the origin certificate from cloudflare and using csr, private key, jks and other certificate pem file I successfully installed the certificate to my tomcate and apache httpd server. But still when I am trying to access one template programatically through https url using my tomcat server - it gives me below error,

‘Caused by: java.security.cert.CertificateException: No name matching My_domain_name.com found’

When I checked the certificate, its showing my domain name under the hierarchy. It looks like the issue is with accessing https content from url , it stopped working before 1 day ago…

image

Hi there,

An Origin Certificate from Cloudflare is an untrusted certificate by clients and browsers, it can only be used behind Cloudflare’s proxy - so if your attempting to terminate a TLS handshake with a browser/client directly to your origin with that cert, it is expected to see an error.

However, looking at your screenshot that does not seem to be the case, the certificate hierarchy is showing a LetsEncrypt Chain.

Just to make sure I fully understand the question here, did you previously have a LetsEncrypt certificate on your origin server, and now replacing it with a Cloudflare Origin certificate - but when you’re testing your still seeing your old LetsEncrypt certificate. Is this the issue?

regards,

1 Like

Yes, Previously I was using lets encrypt certificate.
But for more security I heard about Cloudflare, and I issued new Origin Certificate for my Tomcat and Apache httpd server.

When I added all required key, pem, full chain etc. files to my both servers, it is running fine over https. But may be cloudflare is overlapping them through SSL > Full (not strict) protocol. It is somehow not allow me to access any resource programatically from Apache httpd server to my tomcat code (I hosted java code on tomcat).

I am new to cloudflare and this more trusted and reliable, so thought to go ahead with it (For now, I choose free plan to get much familiar with it) - Please help how can I get proper hierarchy of certificate chains? Something like below,

Root

Intermediate

*.mydomain.com

Your help will be appreciated.

Cloudflare Origin CA is a self-signed certificate that is only trusted by Cloudflare’s proxy - we issue the origin CA certificate straight from our root CA (that is not trusted by browsers). These certificates are only meant to be used behind our proxy.

It sounds like you are looking have signed certificate, of intermediates - so it using LetsEncrypt would be the better choice for you.

The downside of using LetsEncrypt, is that you will need to make sure its renewed and not expired - where as Origin CA allows you to have extended validated periods.

Its up to you, to weigh up the benefits of each.

1 Like

Thank you so much Damian, My doubts are clear now.

I was looking here and there since last 2 days really badly to solve it somehow. Your answer sorted the issues. Appreciate it.

2 Likes