I’m new to Cloudflare. We are trying to implement SSL for SaaS. Basically, we have the following use case:
We have an API endpoint on AWS (API Gateway / CloudFront) where we created a custom domain name (api.domain.com, with CloudFront distribution som3random123.cloudfront.net), and we want to set up custom hostnames for our clients so that we can offer our clients access to our API endpoint using their subdomain (custom hostname).
Our API: api.domain.com
Client domains: client1.com, client2.com
Goal: Client1 to access the API via api.client1.com, Client2 to access the API via api.client2.com, etc.
What we have done so far:
- Created a CNAME record that points to our API (api.domain.com CNAME som3random123.cloudfront.net) - this works, we can successfully access the API via api.domain.com
- Created a Fallback Origin that is the same as the CNAME record (api.domain.com)
- Created a Custom Hostname (api.client1.com)
- Instructed our client to create a CNAME record on his part that points to our Fallback Origin (api.client1.com CNAME api.domain.com)
With all this, when we try to access the API via api.client1.com, we get an “Error 525 SSL Handshake failed” error, even though the certificate is valid and points to Cloudflare.
Any suggestions on how to proceed?