SSL for Sub-domain pointing to third party SaaS app

I am trying to configure SSL support for a private domain:listen.genroe.com that points to a SaaS survey company: Alchemer

I have created an Origin Certificate with Cloudflare.

I loaded the Certificate, Private Key and Cloudflare’s ca_ecc_root certificate into Alchemer and it Validated.

But I am getting a NET::ERR_CERT_AUTHORITY_INVALID error when testing a valid link ([https://listen.genroe.com/s3/2022-Axiom-Customer-Feedback]

Chrome says - “This CA Root certificate is not trusted…” and Alchemer says it doesn’t know who the Issuer is.

Does anyone have any ideas that the issue might be?

From the documentation:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#troubleshooting

Site visitors may see untrusted certificate errors if you pause or disable Cloudflare on subdomains that use Origin CA certificates. These certificates only encrypt traffic between Cloudflare and your origin server, not traffic from client browsers to your origin.

If you are trying to use this certificate to serve visitors directly without Cloudflare proxy :orange: on, then visitors will definitely see the error.

1 Like

Eric - you’re a champion! Switched to Proxied and it now works perfectly. Thank you for your help.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.