SSL for SaaS


I’m new to Cloudflare. We are trying to implement SSL for SaaS. Basically, we have the following use case:
We have an API endpoint on AWS (API Gateway / CloudFront) where we created custom domain name (api. domain. com, with cloudfront distribution som3random123. cloudfront. net) and we want to setup custom hostnames for our clients, so that we can offer to our clients access to our API endpoint using their subdomain (custom hostname).

For example:
Our API: api. domain. com
Clients domain: client1. com, client2. com
Goal: Client1 to access the API via api. client1. com, Client2 to access the API via api. client2. com, etc.

What we have done so far:

  1. Created CNAME record that points to our API (api. domain. com CNAME som3random123. cloudfront. net) - this works, we can successfully access the API via api. domain. com
  2. Created Fallback Origin that is the same as the CNAME record (api. domain. com)
  3. Created Custom Hostname (api. client1. com)
  4. Instructed our client to create CNAME record on his part, that points to our Fallback Origin (api. client1. com CNAME api. domain. com)

With all this, when we try to access the API via, we get “Error 525 SSL Handshake failed” error, even though certificate is valid and points to CloudFlare.

Any suggestions on how to proceed?

It’s been a little while since I tried my SaaS for Everyone, but I know that part of process is SSL generation for the added hostname.

I don’t think that’s called the fallback origin, but from your setup, I do believe that’s where their CNAME should point.

Hi sdayman

Thanks for the replay! I’m just following the steps from here → , and my guess is that I’m doing something wrong with the fallback origin part

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.