SSL Mismatch Error Ignored by Cloudflare

I’ve noticed strange behavior with Cloudflare and mismatching origin SSL certificates.

With encryption set to Full (Strict):

With CF proxy off:

  • CNAME www.my-site.com -> my-site.com
  • CNAME my-site.com -> google.com

Result:

  • www.my-site.com gives certificate mismatch error (expected)
  • my-site.com gives certificate mismatch error (expected)

Whereas, with CF proxy on:

  • CNAME www.my-site.com -> my-site.com
  • CNAME my-site.com -> google.com

Result:

  • www.my-site.com gives 526 error (expected)
  • my-site.com loads google.com <- Why does Cloudflare accept google.com’s certificate as valid for my site?

Good question. When I look at the Google cert, it has a ton of alt names, but they’re all somewhat specific. When proxied, I get a 404 page from Google. But still with Full (Strict).

@rommy is an SSL guy. Maybe he knows.
