Origin CA - mandatory to be generated by Cloudflare or not?


#1

Hi guys,

We have a project fully configured on our VM. We have a reverse proxy running in front of it with ssl certificate already installed. Access by IP is not allowed. Right now we want to use Cloudflare as CDN solution. I have enabled universal mode and strict mode (as long as the certificate is already installed on the server on a proper domain). When accessing the server I get 403. I suspect that it happens because I use our own certificate on the server, rather than generated by Cloudflare. Is it mandatory to use certs for origin CA generated by Cloudflare?

Thank you.


#2

As long as the 403 is not cloudflare branded, it’s generated by your server. Commonly IP deny rules, mod_security or .htaccess related.

If it has a CF branding in the response body it could be some security setting like IP firewall, web application firewall, browser integrity check…

Bear in mind that Cloudflare’s free SSL only covers your root domain and all it’s subdomains on the 3rd level. (www., mail., shop. and so on). If you try to access
www.shop.example.com you may see a 403


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.