Unable to make use of Cloudflare Client Certificate to bind to Sites

When you tested your domain, what were the results?
Certificate cannot be used as a SSL server certificate.

Describe the issue you are having:
Trying to bind the SSL certificate to IIS and Azure.

Welcome to the Cloudflare Community.

What is confusing about the error message? You are trying to use a client certificate as a server certificate. That is obviously not going to work.

Zoom out a little bit and tell us what you are hoping to accomplish so we can get you pointed in a better direction.
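The mismatch described in the reply above can be checked before attempting a binding. This is an added example, not part of the thread and not Cloudflare's code; it assumes the rejection comes from the certificate's Extended Key Usage (EKU) extension, and the function names and sample subjects are hypothetical. The sample certificates are built in memory and need .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Extended Key Usage object identifiers (RFC 5280)
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$AnyEkuOid     = '2.5.29.37.0'         # anyExtendedKeyUsage

function Test-ServerAuthEku {
    # Hypothetical helper: $true when the EKU permits use as a TLS server certificate.
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $eku = $Certificate.Extensions |
        Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return $true }   # no EKU extension: usage is not restricted
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object Value)
    return ($oids -contains $ServerAuthOid) -or ($oids -contains $AnyEkuOid)
}

function New-SampleCertificate {
    # Hypothetical helper: throwaway self-signed certificate, created in memory only.
    param([string]$Subject, [string[]]$EkuOid)
    $key = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $key, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($EkuOid) {
        $oids = [OidCollection]::new()
        foreach ($oid in $EkuOid) { [void]$oids.Add([Oid]::new($oid)) }
        $ext = [X509EnhancedKeyUsageExtension]::new($oids, $false)
        $req.CertificateExtensions.Add($ext)
    }
    $now = [DateTimeOffset]::UtcNow
    return $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
}

# Constructed sample certificates; none of these come from Cloudflare.
$samples = @(
    New-SampleCertificate 'CN=constructed-client-only' @($ClientAuthOid)
    New-SampleCertificate 'CN=constructed-server' @($ServerAuthOid, $ClientAuthOid)
    New-SampleCertificate 'CN=constructed-no-eku' @()
)
foreach ($c in $samples) {
    $ok = Test-ServerAuthEku -Certificate $c
    '{0,-28} usable as server certificate: {1}' -f $c.Subject, $ok
}
```

To check a real file instead, load it with `[X509Certificate2]::new('path\to\cert.cer')` and pass it to the same function.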

Could you possibly point me in the right direction? Which certificate option should I use that will allow me to do so?

I would love to point you in the right direction, but you haven’t yet explained what you are trying to do.

What do you want to accomplish?

If you are trying to secure an origin site that will only be accessed through the Cloudflare proxy, an Origin CA certificate is a good option. Origin CA certificates are only recognized by the Cloudflare proxy. Any attempts at direct access will produce an unknown issuer warning.

If you are trying to secure your origin against direct access and only respond to requests from Cloudflare, you want Authenticated Origin Pulls. Use your own certificate for stronger protection.

What do you want to accomplish?

I simply need an SSL certificate where Cloudflare is seen as the Issuer.
This should be able to be used (as seen in the screenshot) on servers as well as our cloud provider, Azure.

I think dingoes may have eaten your screenshot.

That is going to be difficult because Cloudflare does not operate a publicly trusted CA. There were DigiCert certificates that were issued using a Cloudflare branded intermediate certificate, but those were phased out late last year. Any still seen in the wild will be replaced with certificates issued by a different CA sometime before their expiration date. No more certificates from that issuer are possible.

Proxied hostnames will use trusted certificates at the edge, but still need either a trusted certificate or Cloudflare Origin CA certificate on the origin server. As mentioned in my previous post, Cloudflare Origin CA certificates are only trusted by the Cloudflare proxy. That means that they will only work with proxied hostnames.

Thank you for the time and assistance with this.

You are welcome. Have you figured out what you need to do?
