In the Safari browser, both iPhone and Mac desktop browsers, the padlock (Mac desktop) and entire URL (iPhone) used to show as green when DNS was pointed to our server directly. Since moving to Cloudflare, and Upgrading to their optional Edge Certificate, I’m still seeing no green in either instance. We have other subdomains that are NOT “Proxied” that show the green padlock and URL as they used to, but the subdomains and root domains that are “Proxied” no longer show the green.
Here’s a link to our site (keeping it hidden for SEO reasons since this is not a private forum)… https://tinyurl.com/yayo7zpz
Is it possible to get these green elements back, since obviously there are some security related elements that are now lacking with the URLs that are now Cloudflare Proxied.
Thanks Jake, but as I noted, I’m referring to Safari on Mac and iPhone. Something with those browsers is no longer showing the green elements noted in my OP.
Unfortunately I can’t since they’re protected corporate domains. Wish I could. What info are you looking for and I can potentially provide the info for you.
I am guessing that is why. The Cloudflare Universal SSL is DV. You can upload your EV cert on the Business plan, however, personally I don’t think EV certs are necessary.
Thanks for the info, but I don’t fully understand. Are you saying the CF Universal DV SSL is actually on par with, or better than our server-side EV cert?
Also, when you say you you don’t think EV certs are necessary, why?
Extended Validation certificates are theoretically ‘better’ than domain validation certificates. They are supposed to verify the organisation behind the site, not just the domain name. There is no difference in the strength of the encryption etc.
EV relies on the visitor making a decision whether to trust the site in the presence or absence of the indicator. The indicator has now been made far less prominent in most major browsers, and users generally don’t notice the difference!
This is explained in more detail in the post linked to above and in
It is up to you, you need both a Cloudflare and a server side certificate to secure the connection. If you want the EV cert in Cloudflare, you will need the business plan, though
It’s iOS iPadOS and MacOS - all WebKit based browsers stopped showing a green padlock in favor of a grey one. Nothing has changed on Cloudflare’s end; the security remains the same…
I do believe that coincidence of timing is to blame
EV Certs offer not just a green padlock but also color the beginning of the web address green to identify sites that paid too much $$$ for a level of protection that truly is no better than a cert one may obtain for free from, e.g., Let’s Encrypt. Now, there are those that include “insurance” up to a certain limit and under a limited set of circumstances. Most don’t offer anywhere near the money needed to pay a fine for data breaches, if any. The final difference is the application process, which will actually be simplified within the year as per CA’s recent voting on certain measures. Ofc they’d want it simplified since extended certs are, generally, outrageously expensive. They also voted against a reduction in cert lifetimes, which is needed, but that’s another subject entirely. For now, one has to “prove” you exist as a business, from multinationals to sole proprietors DBA [business name]. So in that regard, anyone can get en extended cert since the process of turning one’s self into a business (whether actual or not) is very simple. A Social Security Number is all you need to do it.
Good reading from Troy. @dzyner Think of it this way if you do want extended certificates - if Mozilla Firefox shows green, Google Chrome & Chromium show green, but Apple’s Safari does not nor do browsers on iOS iPadOS and MacOS due to the WebKit only rule imposed by Apple, is your extended cert actually no longer an extended cert?
is not green and one of it working as expected.