SSL Server and Client Certificates from Cloudflare

Hi Folks,

I have a very specific question that I’m not sure how to (or if I can) make work with Cloudflare SSL.

I have an API set up on my host. The domain is managed with cloudflare at the moment.

I have installed a self-signed certificate on the server, and my client has sent me a CSR which I’ve signed and sent back.

Unfortunately the crappy system they are using to manage the certificates at their end seems incapable of working with self-signed certificates because it can’t load the root certificate for some reason (I won’t name them, but it’s a big API organization, which amazes me).

Anyway, I now need to purchase some certs and thought doing it with cloudflare might be a good move.

I understand the whole teams thing can do WAY more than this, but at the moment all I really need is to work out how to generate a server certificate to install on my api end point, and a client certificate that will work with the server cert based on their csr.

I’ve looked at the docs and it seems capable of doing amazing things, but I really can’t work out how to do this.

Is it even possible with cloudflare? If it is, are the root certificates likely to exist in their stupid system?



Sorry, the only certs Cloudflare will give you copies of for the origin are essentially self-signed.

The only other method I can think of (other than buying an expensive cert from some ripoff company) is spin up a server under your domain and get Let’s Encrypt to generate a wildcard cert for you. The downside being that it’s only good for 90 days and you’ll have to keep up the renew/cut/paste cycle for eternity.

You might be able to incorporate the root cert in (since it probably isn’t in their default trust store). See (Optional) Step 4 in Managing Cloudflare Origin CA certificates – Cloudflare Help Center

It did not sound likely to me:

To be clear I don’t want you (or anyone else) to spend more money with Cloudflare than necessary… don’t get me wrong, I will take your $$$ :slight_smile: but I want to solve real problems. If adding our cert to your root store doesn’t work please open a support ticket, link to this thread (reply to the auto-responder if necessary) and link to this ticket and ask them to @me if they don’t have a good answer. Maybe I have an idea to help… or not. Worth a shot.
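The original question (a server cert for the API endpoint plus a client cert issued from the client’s own CSR) and the “add the root cert to their trust store” suggestion above describe one private-PKI workflow. The script below is an added example, not code from this thread or from Cloudflare: it builds a throwaway root CA with openssl, issues the server certificate, signs a client CSR with a client-auth profile, and then checks what the client’s certificate system would need to be able to do, namely verify both leaves against that root. The host name `api.example.test`, the subjects, the work directory and the `ext.cnf` profile file are placeholders; the client key and CSR are generated locally only to simulate what the client would normally send over.

```shell
#!/bin/sh
# Added example (not from the thread): private CA -> server cert + signed client CSR,
# then verification the way a relying party would do it. All names are placeholders.
set -eu

WORK="${WORK:-$(mktemp -d)}"
API_HOST="api.example.test"   # placeholder for the API endpoint's DNS name

# Self-contained openssl config so nothing depends on the system openssl.cnf.
# Each profile pins the extensions the CA grants; the CSR's own requests are ignored.
write_config() {
  cat > "$WORK/ext.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$API_HOST
authorityKeyIdentifier = keyid
[v3_client]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
authorityKeyIdentifier = keyid
EOF
}

# 1. Root CA. ca.crt is the trust anchor the client's system must import;
#    ca.key signs everything and should live nowhere near the API host.
make_ca() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
    -config "$WORK/ext.cnf" -extensions v3_ca \
    -subj "/CN=Example Private Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. Server key + CSR, signed by the CA with the serverAuth profile (SAN = API host).
make_server_cert() {
  openssl req -new -nodes -newkey rsa:2048 -sha256 \
    -config "$WORK/ext.cnf" -subj "/CN=$API_HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -days 365 -sha256 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions v3_server \
    -out "$WORK/server.crt" 2>/dev/null
}

# 3. Simulates the client side: they keep client.key and send only client.csr.
make_client_csr() {
  openssl req -new -nodes -newkey rsa:2048 -sha256 \
    -config "$WORK/ext.cnf" -subj "/CN=partner-client" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
}

# 4. Sign the client's CSR with the clientAuth profile and return client.crt to them.
sign_client_csr() {
  openssl x509 -req -in "$WORK/client.csr" -days 365 -sha256 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions v3_client \
    -out "$WORK/client.crt" 2>/dev/null
}

# 5. The check the client's tooling has to pass: chain each leaf to our root,
#    and confirm each carries the EKU for its role.
verify_chain() {
  openssl verify -CAfile "$WORK/ca.crt" -purpose sslserver "$WORK/server.crt" >/dev/null 2>&1 &&
  openssl verify -CAfile "$WORK/ca.crt" -purpose sslclient "$WORK/client.crt" >/dev/null 2>&1
}

# 6. Same check with our root absent from the trust store: this is the failure the
#    thread describes, and it is expected to fail (non-zero exit).
verify_without_root() {
  openssl verify -no-CAfile -no-CApath "$WORK/client.crt" >/dev/null 2>&1
}

build_all() {
  write_config && make_ca && make_server_cert && make_client_csr && sign_client_csr
}

# Stand-alone usage: sh this_script.sh run
if [ "${1:-}" = "run" ]; then
  build_all && verify_chain && echo "server.crt and client.crt verify against $WORK/ca.crt"
fi
```

The point of step 6 is the thread’s actual problem: a certificate issued by a private CA is only “self-signed” from the relying party’s point of view until that party imports `ca.crt`, and no amount of re-issuing the leaf fixes that. The same applies to Cloudflare Origin CA certificates, which is why the linked Step 4 is about installing the Origin CA root on the other side.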

Thanks Guys. It looks horribly like I’m going to have to choke up some $$. These guys are a big corporate and simply don’t give a hoot about trying to do this properly.

Their response to any of these issues is “we’ve never had this problem before”… uh huh… probably never done it properly before either.

Thanks for the input though @sdayman and @cscharff. If I had more time I’d muck around with this, but if I can’t just pay and run :slight_smile: it’s not going to work for me.

Uh… Let’s Encrypt? Seriously, SSL is a minor add-on in most providers’ revenue stream.

