The Flexible SSL option in Cloudflare works well and I use it often for sites that don’t require high security. However, in some cases I need to have SSL available all the way through to the server.
I am looking for a way to get full SSL all the way from the browser to my web server that doesn’t require purchasing and installing dedicated certificates for every website on the server.
I’ve read the KB article on “Origin CA certificates” here:
I understand that this will let me connect my server to Cloudflare securely, and then I can use the Full SSL option to connect from Cloudflare to the browser etc.
This sounds to me like it is creating a sort of two-stage SSL path - First, the normal SSL from browser to Cloudflare and then Cloudflare opens a separate SSL path to the server. This seems like it would be easy to manage once it has been set up.
The article states “You can include up to 100 hostnames or wildcard hostnames on a single certificate…”
There are two questions about this:
First - Do I need to provide all of the domains that I want to enable the Full SSL mode on, or do I just need one domain specified and then Cloudflare will use that for the connection to my server, for all my domains in Cloudflare?
Second - If I have to insert all domains that will be using Full SSL mode, then how do I add and remove them over time. Do I have to redo the entire certificate setup and installation process on that page each time I add another domain in Cloudflare?
Appreciate any responses!