Question about Dedicated SSL Certificate


#1

Can I export the Dedicated SSL Certificate, install it on my web server (nginx), and use it for another program?

I have a websocket program that needs a certificate that includes the public key and the private key.

Only when the certificate the client uses to visit Cloudflare and the one Cloudflare uses to access my origin server are the same does my websocket program work; otherwise the websocket gets an error when the client tries to create a channel.


#2

No. https://support.cloudflare.com/hc/en-us/articles/228009108-Dedicated-SSL-Certificates

I don’t understand why you need Cloudflare’s server certificate to achieve what appears to be “only allow websocket connections if they passed through Cloudflare”. It sounds like what you really want is that only Cloudflare will be able to contact your service. Unless you for some reason want such a limitation to be on the same hostname as other traffic that does NOT have to go through Cloudflare, I see no reason not to use the standard solution of making sure that only Cloudflare can connect to you. That is done with a client certificate presented by Cloudflare, and not by the identity of the cert on the web server, dedicated or not, which on the server would always be the same regardless of where the client has been connecting from.

So, if what you really want is to make sure that only Cloudflare can connect to you - make your site respond only in HTTPS, and enable “Authenticated Origin Pulls” under the “Crypto” tab, and have your nginx validate Cloudflare’s free client certificate. https://support.cloudflare.com/hc/en-us/articles/204494148
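
An nginx server block for the setup described in reply #2, added here as an illustration and not part of either post. The hostname, file paths and the websocket backend on 127.0.0.1:8080 are placeholders, and the layout assumes nginx terminates TLS and proxies plain websocket traffic to the program.

```nginx
# Added example; hostname, paths and backend address are placeholders.
server {
    listen 443 ssl;
    server_name ws.example.com;

    # The origin's own certificate and key. The Dedicated SSL Certificate
    # cannot be exported, so this is a separate certificate.
    ssl_certificate     /etc/nginx/tls/origin.crt;
    ssl_certificate_key /etc/nginx/tls/origin.key;

    # CA certificate for Cloudflare's client certificate, obtained from the
    # Authenticated Origin Pulls support article linked in reply #2.
    ssl_client_certificate /etc/nginx/tls/cloudflare-origin-pull-ca.pem;

    # Require a client certificate that chains to the CA above. Requests
    # that arrive without one, or with an invalid one, get HTTP 400.
    ssl_verify_client on;

    location /ws/ {
        # Assumed local websocket program listening without TLS.
        proxy_pass http://127.0.0.1:8080;

        # Headers needed for nginx to pass the websocket upgrade through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
```

Run `nginx -t` before reloading to confirm that the certificate paths resolve and the configuration parses.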