Man-in-the-middle attack

When I use the safari browser to visit my website, I am prompted that the ssl certificate is invalid, and I suspect a man-in-the-middle attack. I have used the cf cdn proxy and turned on the edge certificate, and the encryption mode is flexible

This connection is not private
This site may be impersonating. “” to steal your
Personal or Financial Information. You should return to the previous page.

I hope you can give me some advice.

Hi there,

Firstly, if you use custom certificate on your origin server, it will be better to switch your encryption mode to Full or Full (strict) because in that case Cloudflare allows HTTPS connections between your visitor and Cloudflare and makes connections to the origin using the scheme requested by the visitor. If your visitor uses http, then Cloudflare connects to the origin using plaintext HTTP and vice versa.

Secondly, you can try to enable Cloudflare Always Use HTTPS feature. (details here)

And lastly, make sure Safari has updated its cache, sometimes you need to clear it manually or wait until certificate will update in Keychain on Mac (you can read how to do it manually here).

Thank you for your answer. My origin server also has an ssl certificate installed. I am in cf and I have enabled the hsts edge certificate encryption mode and set it to full (strict), and I will encounter the same problem.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.