Origin SSL problem


#1

Hello,
I’ve got some problem with origin SSL form my server. I’ve turned ON cloudflare proxy on my domain and I noticed that my SSL changed into cloudflare ssl. I’ve read about that and checked that my SSL is on FULL option. It should load SSL from my server instead of cloudflare free SSL certyficate. 24 hours have passed when I turned ON CF proxy.
Can you tell my, why I couldn’t see my origin SSL certyficate??

Kind Regards


#2

Another thing is that becouse of this case my monitorings crashed becouse of SSL:
Sample log:
IOError: [Errno socket error] [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure" of type "string" is not suitable for value type "Numeric (unsigned)"


#3

When Cloudflare proxies a connection it becomes the SSL termination endpoint for client connections and they will see the certificate at Cloudflare’s edge. Cloudflare will then initiate a separate connection to the origin, if needed, over SSL since you’re set to Full which then secures the connection between Cloudflare and your origin.


#4

@cscharff I understand this but why cloudflare doesn’t proxy my SSL? WHich option should I set to get my origin ssl on my domain??


#5

Do you have an SSL certificate installed on your origin server? What error do you receive when you attempt to visit the site with the SSL set to full?


#6

@cscharff yes, I have. It works without Cloudflare proxy. I have set my SSL in crypto tab to Full and it haven’t impact on my site. Still I see cloudflare ssl instead of mine from origin server.


#7

If Cloudflare is proxying the request, they will see the SSL certificate we have on our edge (see my original response). If you want them to see your certificate you either need to upload your certificate to Cloudflare (business plan) or not have the request proxied by Cloudflare.


#8

Do you mean that I can use my own origin SSL certyficate only in Bussiness Plan when I want to use cloudflare proxy??


#9

You can continue to use it on your origin. If you want to use the one you have now one on our edge, that is a feature available in the business or enterprise plans. We provide one for free and also offer dedicated certificates or SAN certificates ordered and managed through Cloudflare at any plan level.


#10

This topic was automatically closed after 14 days. New replies are no longer allowed.