Origin certificate with AWS ELB

Hi,
We have an AWS ELB with ACM certificates installed for SSL. We have now configured DNS to route (proxy) requests through Cloudflare, created an origin certificate at Cloudflare, and enabled the end-to-end strict TLS option. Everything seems to be working fine. Please note that the origin certificate is not yet installed on the ELB. A few questions:

  1. I am wondering how this is working, as the certificate on my origin (ELB) is different from what we have in Cloudflare.
  2. Or is it using the ACM cert for communication? Even this should fail, as we did not install the ACM cert in Cloudflare.

I am new to Cloudflare and looking for some guidance here. Could someone please help with this?

From the visitor's point of view, they will see Cloudflare certificates, as Cloudflare is the one directly facing the public.

From Cloudflare's point of view, when Cloudflare accesses your ELB in AWS, Cloudflare will see the certificate created by AWS Certificate Manager.

So here’s what happened:

  1. Communication between the visitor and Cloudflare will be encrypted using the Cloudflare SSL certificate.
  2. Communication between Cloudflare and the AWS ELB will be encrypted using the AWS ACM SSL certificate.

In this case, since you have AWS ACM already in place, you don’t need the Cloudflare Origin Certificate to be installed. AWS ACM just works as it is a valid certificate.


Thanks for the quick response, Eric, this is helpful.


Remember to set the SSL/TLS encryption mode to Full (Strict) for best encryption. It’s under the SSL/TLS tab in the Cloudflare dashboard.

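Added example, not part of the original thread: a local model of the certificate check on the Cloudflare-to-origin leg described in the answers above, showing why a certificate from a trusted CA passes Full (Strict) without being installed in Cloudflare. The validator only needs the issuing CA as a trust anchor, plus a hostname match. Every CA, key and the hostname `app.example.com` is constructed locally with `openssl`; `public-ca` stands in for a publicly trusted CA, and treating strict mode as a chain-plus-hostname check is an assumption based on Cloudflare's documented behaviour.

```shell
#!/usr/bin/env bash
# Constructed demo: all keys, CAs and hostnames are generated locally for illustration.
set -u
WORK=$(mktemp -d)
HOST=app.example.com   # hypothetical site hostname

# make_ca NAME: self-signed root standing in for a CA in the proxy's trust store
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf CA NAME: certificate for $HOST signed by CA (what the origin presents)
issue_leaf() {
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/$2.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# strict_check TRUSTED_CA LEAF HOSTNAME: succeeds only if the leaf chains to the
# trusted CA and covers HOSTNAME; the leaf itself is never pre-installed anywhere.
strict_check() {
  openssl verify -CAfile "$WORK/$1.pem" -verify_hostname "$3" \
    "$WORK/$2.pem" >/dev/null 2>&1
}

report() {  # report LABEL TRUSTED_CA LEAF HOSTNAME
  if strict_check "$2" "$3" "$4"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

make_ca public-ca      # trusted by the validator
make_ca private-ca     # not in the validator's trust store
issue_leaf public-ca elb-cert
issue_leaf private-ca selfmade-cert

report "cert from trusted CA"        public-ca elb-cert      "$HOST"
report "cert from untrusted CA"      public-ca selfmade-cert "$HOST"
report "trusted CA, wrong hostname"  public-ca elb-cert      other.example.net
```
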
