Regarding the free SSL certificate provided by CF

Certain mobile devices (eg. Blackberry) correctly block access to https sites with SSL certificates from unknown vendors, such as Cloudflare or Let’s Encrypt.

Now, Blackberry features a desktop tool to Import Certificates in either of these formats: cer, der, crt, cert, p7c, p7b, key, as shown here:

The question is, how can I download CF’s SSL certificates in order to install it on my device to allow browsing Cloudflare-protected sites? Thanks!

Open the certificate for a website in any web browser and you can download the root CA that you’re after - in DigiCert’s case, Baltimore CyberTrust Root.

DigiCert is far from an ‘unknown vendor’ and blocking them isn’t correct at all.

1 Like

Thanks, unfortunately this didn’t work quite well. But you are right about DigiCert, I was referring to the unkown certificate that CF creates (the intermediate CA called Cloudflare ECC CA-3 shown below)

I installed the exported certificate with this format:

On the device, the certificate appears as unverifiable:

When I click View Issuer there, it shows CF cert as unknown:

And when I click View Issuer there, it shows the valid cert from DigiCert you mentioned:

(all screenshots can be enlarged)

Side note: On the Intermediate Certificates tab from BB desktop tool, Cloudflare Inc ECC CA-3 was unchecked (not installed?). I checked it, synced certificates and now it appears as installed.

Any ideas will be appreciated, thank you.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.