Moving servers and confused on SSL transfer

I am changing hosting providers, and I am in the middle or migration.

I am being asked by the techs about getting a valid TLS/SSL Certificate and Key, and they say from Cloudflare. (because they see the Cloudflare cert when connecting to the site)

I never purchased an SSL through Cloudflare, but from my current hosting provider I am switching from.

Currently I am set to “Full” at Cloudflare.

So my question is what do I need to give to the new host to get the SSL set up? Is there anything from Cloudflare that I need to transfer? I don’t recall ever doing anything with SSL other than choosing “Full” when I initially set it up.

Thanks for any help on the subject!

Either your current host provides you with your current certificate or you get a new one. Cloudflare would offer Origin certificates in this context, but you can use any other valid certificate as well of course.

Also, it should be “Full strict” as “Full” does not verify your certificate and hence is not really secure.

The search will have more on Origin certificates.

1 Like

Thats what I thought but I wanted to be sure… I deal with certs so infrequently I forget more than I remember with them. Thank you

Apart from the cryptography part, certificates are pretty easy. You have a public and a private part. The former is shown in the browser and contains the public key, the latter should never be shared and only reside on the server.

In Cloudflare’s case you need two of them, one for your server encrypting the second leg and one for the proxies encrypting the first leg. “Full strict” is necessary as Cloudflare would not validate the certificate otherwise and that will make that connection insecure.

In your case you can either migrate the existing certificate (assuming it is valid) to your new host or have a new one issued from any CA of your choice (can be paid, can be free, or can be Cloudflare’s Origin certificates). And that’s it :slight_smile:

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.