SSL sertificate


#1

Hi everyone. Can you share the knowledges about external SSL. I have free account and i can push the button Create sertificate and get pem and key for install to my server for ‘Full mode’. Question is if i buy sertificate for 5$/mo can i do the same. To get pem and key for this sertificate?


#2

The origin certificates are to be installed on your server and can only be used for connections from Cloudflare when you proxy through Cloudflare. The paid dedicated certificates are only for the Cloudflare edge servers and will never leave their infrastructure.


#3

Did you mean that if i buy this sertificate button ‘Create sertificate’ won`t available?


#4

Origin certificates are not bought but free, however you can only use them when your hosts are proxied and you need to install them on your server.


#6

Sorry i mixed up account)) Can you explain how i should use dedicated sertificate for Full strict mode? Or i cant do it just Flexible mode


#7

But how i use Full mode strict with this sertificate 21%20PM

How i should put in to my server? Or i should use flexible mode?


#9

You should never use Flexible mode. Only one of the two Fulls. What exactly is not clear? You need to install a valid certificate on your server, thats all. That can be an origin certificate or any other like LetEncrypt for example.


#10

i understood. But my question is if i buy dedicated sertificate can i push this button


and get .key and .pem, download it and use on my server for ‘Full mode’?


#11

That button is exclusively related to free origin certificates. If you want a paid dedicated certificate you would only get it issued to your account but would not get the actual private key.


#12

But how i can use Full mode? IF i won’t have .pem and .key


#13

What I said before


#14

you mean i should use 2 certificates? 1 i will order on cloudflare and second at somewhere else?


#15

Please check out https://support.cloudflare.com/hc/en-us/articles/205177068-Step-1-How-does-Cloudflare-work- otherwise we are going in circles.

Yes, as long as you proxy there are always two certificates involved and in any case you need one on your server. Which one that is does not matter, get a paid one, get an LE or get a Cloudflare origin one. Up to you.

The only thing to keep in mind is that dedicated Cloudflare certificates are not for your server but for your Cloudflare account. You dont need to purchase one unless the free universal one is not good enough.


#16

Now i understand. Thank you) And sorry for stupid questions :slight_smile: