SSL for 3 webapps hosted on 3 different servers under the same main domain

Have you searched for an answer?
Yes

Describe the issue you are having:
I have 3 services :

Both contractors are requesting the SSL keys (public, intermediate, private) to implement TLS/SSL *.mydomain.io.
In Cloudflare, how do I do that?
Universal SSL is not giving me the private key.
I purchased an advanced certificate at 10$/month, but where do I get the private key?

I read the CF documentation so many times and spent hours searching, and I have the impression that my subdomain web portal/services are automatically secured by CF, so my contractors should not ask me for the private key to install the SSL cert explicitly on their origin servers. Is that correct?
Maybe their request (from the contractors) corresponds to the Full (strict) mode (secure origin with a Cloudflare Origin CA certificate on the server): I tried with one of them, creating an origin certificate, but the contractor got the error in AWS “provided certificate is not a valid self signed certificate”…

You need certificates on the servers for connections between Cloudflare and the server. This is not the same as the Advanced Certificate.

You can use a Cloudflare Origin Certificate for this. Or, you can set up certbot or mod_md on the servers to get Let’s Encrypt certificates for free; the server admins should know how to do this. The main point is that this is a separate certificate from the one at Cloudflare that users see in their browsers.

2 Likes
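Added example, not part of the original thread and not Cloudflare's own code: because the origin certificate is separate from the one visitors see, each server admin can create the key on their own server and hand over only a CSR, so no private key is ever passed around. It assumes OpenSSL 1.1.1 or later and that the CSR is submitted to whichever CA issues the origin certificate (the Cloudflare Origin CA dashboard has a "use my private key and CSR" option); hostnames and paths are placeholders.

```bash
#!/usr/bin/env bash
# Added example: per-origin key + CSR, so the private key never leaves the server.
# Hostnames and file names are constructed placeholders, not values from the thread.

# make_origin_csr <out_dir> <hostname> [more hostnames...]
# Writes <out_dir>/origin.key (owner-only) and <out_dir>/origin.csr.
make_origin_csr() {
  local out_dir="$1"; shift
  local cn="$1" san="" h
  for h in "$@"; do san="${san:+$san,}DNS:$h"; done
  (
    umask 077   # files created here are readable by the owner only
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$out_dir/origin.key" -out "$out_dir/origin.csr" \
      -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
  ) || return 1
  # Check the CSR's self-signature before it is sent anywhere.
  openssl req -in "$out_dir/origin.csr" -noout -verify 2>&1 | grep -q 'verify OK'
}

# pubkey_hash <key|csr|cert> <file>: SHA-256 of the PEM public key in the file.
pubkey_hash() {
  local pub
  case "$1" in
    key)  pub="$(openssl pkey -in "$2" -pubout 2>/dev/null)" ;;
    csr)  pub="$(openssl req  -in "$2" -noout -pubkey 2>/dev/null)" ;;
    cert) pub="$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pub" ] || return 1
  printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# cert_matches_key <cert.pem> <key.pem>
# Succeeds only if the issued certificate was made for the key held on this server.
cert_matches_key() {
  local a b
  a="$(pubkey_hash cert "$1")" || return 1
  b="$(pubkey_hash key "$2")" || return 1
  [ "$a" = "$b" ]
}

# Stand-alone use: ./origin_csr.sh /etc/ssl/private '*.example.test' example.test
if [ "$#" -ge 2 ]; then
  make_origin_csr "$@" && echo "Send only $1/origin.csr to whoever requests the certificate"
fi
```

Once the certificate comes back, `cert_matches_key` confirms it belongs to the local key before it is installed on the server.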

Thanks, one key point I just realized is that end-user certificates work out of the box with CF as soon as your A records in the DNS settings have the proxy option on. I think this is definitely missing in the doc Overview · Cloudflare SSL/TLS docs. They should mention that explicitly. This cost me hours of trying to understand why my config was not working, buying an advanced certificate for nothing, etc.
