I have downloaded the pem file from this guide: https://support.cloudflare.com/hc/en-us/articles/204899617 and I have activated Authenticated Origin Pulls for my domain. My webapp is hosted on Azure, and I have set the webapp to forward the client certificate. I have installed the pem file on my webapp, and I now want to check if the client certificate sent by Cloudflare matches this origin-pull-ca.pem downloaded from the above guide, and it doesn’t.
The first, origin-pull-ca.pem, is the pem file downloaded from the guide, and the second is what Cloudflare is transmitting on the wire:
- origin-pull-ca.pem: Thumbprint: 1F5BA8DCF83E6453DD75C47780906710901AD641 (Additional info: CN=origin-pull.cloudflare.net, S=California, L=San Francisco, OU=Origin Pull, O=“CloudFlare, Inc.”, C=US)
- Sent from Cloudflare: Thumbprint: A27996CBA564D24731BC76439C48920C1F7D4AA3 (Additional info: OU=Origin Pull, O=“Cloudflare, Inc.”, L=San Francisco, S=California, C=US)
Shouldn’t they match?
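
Added example, not part of the original post and not Cloudflare's or Azure's code: it compares the thumbprint check described above with chain verification against a pinned CA. It assumes, as the file name indicates, that origin-pull-ca.pem is a CA certificate and that the certificate on the wire is a client certificate issued under it. The certificates are constructed in memory, and `issue`, `Thumbprint` and `IssuedBy` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var clientAuth = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}

func Thumbprint(c *x509.Certificate) string { return fmt.Sprintf("%X", sha1.Sum(c.Raw)) } // SHA-1 of the DER bytes

// IssuedBy reports whether leaf chains to the pinned CA and permits TLS client auth.
func IssuedBy(leaf, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: clientAuth})
	return err == nil
}

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: clientAuth} // leaf defaults
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := issue("constructed origin-pull CA", nil, nil)
	otherCA, _ := issue("constructed unrelated CA", nil, nil)
	leaf, _ := issue("constructed client cert", ca, caKey)
	fmt.Println(Thumbprint(ca) == Thumbprint(leaf), IssuedBy(leaf, ca), IssuedBy(leaf, otherCA)) // false true false
}
```

The three printed values are: thumbprints equal, chains to the pinned CA, chains to an unrelated CA.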