Dear team,
My website is using trust-signed certificate, and I enroll to CF as business package.
I’m using other DNS system, and can’t migrate DNS to CF. Then I using CNAME to CF, and CF cname to my IP
xxxx.abc.com CNAME xxxx.abc.com.cdn.cloudflare.net and A record to redirect
I need to test WAF function, but can’t ? Do we need to upload my certificate to CF, to ensure CF can intercept traffic from client to my website ?
Many thanks
SSL and WAF are not connected. WAF will work on any hostname that’s set to 
.
But if you have your own cert that you like, it would be a good idea to upload it here. Just make to keep doing that every time it renews.
If CF doesn’t have my SSL, how can they intercept and know some XSS and SQL Injection ?
Could you please help me to test OWASP - WAF in CF ?
Many thanks
Cloudflare is a reverse proxy. Visitors use Cloudflare SSL to connect to the Cloudflare proxy server. Cloudflare then decrypts the data, examines it, then uses your SSL to connect to your server.
Thanks your for information.
For almost proxy, we must add CA certificate to client browser. When i used WAF on premise, I also added my certificate to WAF.
Then in this case, if I don’t add my website to CF, may CF can’t intercept website traffic.