Using a Cloudflare UCC SSL cert on Acquia

Has anyone here successfully uploaded a Cloudflare-generated UCC SSL cert to an Acquia Enterprise account?

What would the issue be?

Well, supposedly (according to the Cloudflare (CF) sales rep) a CF UCC SSL cert will only work properly if the domains are proxied through Cloudflare. That doesn’t seem to make much sense to me, but I don’t know how CF’s certs, in particular, work. I’ve had no issues using a Starfield/GoDaddy cert on Acquia but I’ve never used one from CF. I was just wondering if anyone had experienced any issues with SSL cert viability in such a setting.

There are two types of certificates on Cloudflare: proxy ones, which you will never manage yourself because they are managed by Cloudflare and only reside on the proxy instances, and origin ones, which are not publicly recognised and only signed by a Cloudflare internal certificate. The latter you can actually install on your machine; however, it will only be accepted in the context of a proxied connection. Publicly it will be rejected like any self-signed certificate.

Hi Sandro,

Thank you for responding to me. So, if all domains/sub-domains on the CF-supplied UCC SSL cert are pointed to CF nameservers/hosted by CF, the cert should work normally?

I am really not sure which UCC certificate you are referring to. Are you referring to Cloudflare certificates which you install on your server or to Cloudflare certificates which solely reside on the proxies?

Are you possibly talking about an account on an Enterprise plan?

Cloudflare certificates issued by our CA partners aren’t available for export and installation on other servers. We don’t provide the private keys for them.

Cloudflare has origin certificates, which are issued by Cloudflare and trusted by Cloudflare but not meant to be public facing, and which may work if the site is proxied by Cloudflare, but you’d need to confirm with Acquia as to whether or not they support uploading that certificate type to their server/service for your plan type.

https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates
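The distinction drawn in the replies above can be checked on a PEM file before it is uploaded to a host. This is an added example, not part of the original thread and not Cloudflare or Acquia tooling. The function names are hypothetical, the test certificates are constructed, and the issuer match on "CloudFlare Origin SSL" is an assumption about how Origin CA certificates are named.

```shell
#!/bin/sh
# Added example: classify a PEM certificate before uploading it to a host.
# Requires the openssl CLI.

# classify_cert CERT [CHAIN] prints one of:
#   origin-ca        issuer looks like Cloudflare Origin CA (assumed name match);
#                    only accepted behind the Cloudflare proxy
#   self-signed      issuer equals subject
#   publicly-trusted chains to a root in the local trust store
#   untrusted-chain  none of the above
#   unreadable       not a parseable certificate (returns 1)
classify_cert() {
  local pem="$1" issuer subject
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 2>/dev/null) \
    || { echo "unreadable"; return 1; }
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253)
  issuer=$(printf '%s' "$issuer" | sed 's/^issuer= *//')
  subject=$(printf '%s' "$subject" | sed 's/^subject= *//')
  if printf '%s' "$issuer" | grep -qi 'cloudflare origin ssl'; then
    echo "origin-ca"
  elif [ "$issuer" = "$subject" ]; then
    echo "self-signed"
  elif openssl verify ${2:+-untrusted "$2"} "$pem" >/dev/null 2>&1; then
    echo "publicly-trusted"   # optional CHAIN supplies intermediate certificates
  else
    echo "untrusted-chain"
  fi
}

# make_sample_certs DIR writes constructed fixtures (not real Cloudflare
# material): a private CA whose OU imitates the assumed Origin CA name, a leaf
# signed by it, and a plain self-signed certificate.
make_sample_certs() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null \
    -subj "/O=Constructed Test/OU=CloudFlare Origin SSL Certificate Authority"
  openssl req -newkey rsa:2048 -nodes -keyout "$d/leaf.key" \
    -out "$d/leaf.csr" -subj "/CN=origin.example.test" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/origin-leaf.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$d/self.key" \
    -out "$d/self.pem" -subj "/CN=self.example.test" 2>/dev/null
}

# Classify any certificate files passed on the command line.
for f in "$@"; do printf '%s: %s\n' "$f" "$(classify_cert "$f")"; done
```

A result of `origin-ca` or `self-signed` means browsers connecting directly to the host, without the Cloudflare proxy in front, will reject the certificate.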
