Should I turn Cloudflare SSL off if I already have an SSL?


#1

Sorry for the noobish question, but I really don't understand what area takes priority when looking for the SSL.

I just got Cloudflare working, and when looking at all the Cloudflare settings I notice it says SSL is set to “full”. Should I change that to off since I already have the Bluehost SSL?


#2

No need to turn it off. You’re fine with “Full”. But since you have a valid SSL certificate from Bluehost you should use Full (Strict). The difference is that:

  • On “Full” your origin cert is not verified by Cloudflare. You could use any certificate, regardless of whether it is expired, self-signed or not for your domain. All traffic between the visitor and your origin is still encrypted, but you wouldn’t notice when someone replaces the certificate on your origin with his own to perform a man-in-the-middle attack. Most unlikely but possible.

  • “Full (Strict)” validates your certificate and throws an error if there is any issue: expired, not issued for your domain and so on.
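The difference between the two modes described in #2, as an added example that is not part of the original thread and is not Cloudflare's code. It runs the three checks named there over constructed certificate records in the dict shape Python's `ssl` module uses; the function names, the `shop.example` hostnames and the fixed clock are assumptions, and "self-signed" (issuer equals subject) stands in for full chain validation against a trusted CA.

```python
import ssl
from datetime import datetime, timezone

def _name(cn):
    return ((("commonName", cn),),)

def _cert(subject, issuer, not_after, *dns):
    # Constructed record, same field layout as ssl.SSLSocket.getpeercert().
    return {"subject": _name(subject), "issuer": _name(issuer),
            "notAfter": not_after,
            "subjectAltName": tuple(("DNS", d) for d in dns)}

def _matches(pattern, host):
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def strict_issues(cert, hostname, now):
    """Reasons a strict origin check would reject `cert` for `hostname`."""
    issues = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now.timestamp():
        issues.append("expired")
    if cert["issuer"] == cert["subject"]:
        issues.append("self-signed")
    names = [v.lower() for k, v in cert["subjectAltName"] if k == "DNS"]
    if not any(_matches(n, hostname.lower()) for n in names):
        issues.append("hostname mismatch")
    return issues

def origin_accepted(mode, cert, hostname, now):
    if mode == "full":
        return True  # traffic is encrypted, but the certificate is not validated
    return not strict_issues(cert, hostname, now)  # "strict": any issue rejects

# Constructed sample data (not real certificates); fixed clock for repeatability.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
VALID = _cert("shop.example", "Constructed Public CA",
              "Dec 31 23:59:59 2030 GMT", "shop.example", "*.shop.example")
EXPIRED = _cert("shop.example", "Constructed Public CA",
                "Jun 15 12:00:00 2020 GMT", "shop.example")
SWAPPED = _cert("other.example", "other.example",
                "Dec 31 23:59:59 2030 GMT", "other.example")

if __name__ == "__main__":
    for label, cert in (("valid", VALID), ("expired", EXPIRED), ("swapped", SWAPPED)):
        print(label, "| full:", origin_accepted("full", cert, "shop.example", NOW),
              "| strict:", origin_accepted("strict", cert, "shop.example", NOW),
              "|", strict_issues(cert, "shop.example", NOW))
```
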