I need some advice on an SSL cert. We have a domain in Cloudflare, say xyz.com, and we are only using Cloudflare currently for DNS. Our domain has a different registrar. We have a multi-domain cert through a different CA for a number of subdomains: abc.xyz.com, www.abc.xyz.com, def.xyz.com.
I have an Azure web app for which I would like to set up a binding to a cert. I’ve already set up the custom domain in Azure for app.xyz.com using CNAME and TXT DNS types with Proxy Status set to DNS Only in Cloudflare, which works.
I now need an SSL cert. A coworker recommended a dedicated SSL cert, but you can’t export the cert, which I believe I need for the Azure custom domain. Is that correct? As part of our Cloudflare account we have a universal cert. I can create a Full (strict) Origin Server cert and use that on Azure. SSL/TLS is currently off in Cloudflare.
So the crux of the advice needed is:
Confirm I cannot use a dedicated SSL cert from Cloudflare for the Azure web app.
Can I turn on SSL/TLS encryption for the subdomain app.xyz.com? I believe I can if I change the Proxy Status from DNS Only to Proxied on the CNAME pointing back to Azure.
Thanks in advance for the help.