We created and downloaded a .crt and .key file from the cloudflare dashboard under SSL → Origin Server.
However the certificate is unsigned and therefore pretty useless.
How do we create signed certificates?
Was the site working with SSL prior to adding it to Cloudflare?
The certificates are signed by Cloudflare. Cloudflare is not a trusted certificate authority, so the certificates are only trusted by Cloudflare and can only be used in combination with the proxy.
You can get signed certificates from certificate authorities like LetsEncrypt.