Using Cloudflare Origin Certificates on CDN - Intermediate Certificate Missing

I’m attempting to use my Cloudflare Origin Certificate on MaxCDN. I’ve added the key, domain certificate and root certificate but receive NET::ERR_CERT_AUTHORITY_INVALID when testing.

According to this thread the proper structure I need for the CA bundle is:-

----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

However it isn’t clear to me what intermediate certificate I should be using or where I should get it from, or if the origin certificate is appropriate for this use.

Yes, that is the contents of the first link in the above post, and no matter what order that is added it does not work and requests the intermediate certificate.

Browse to cdn.londonpropertymatch.com

In this case it should be sufficient to take the first certificate from that link.

It should be, but that doesn’t work. Nor does adding the root CA because there is no intermediate CA.

It’s not like I haven’t tried vairious permutations.

Looks like it works now, at least in my browser Chrome 70.

It does throw a CERT_AUTHORITY_INVALID error, and that’s because the Origin certificates are not trusted by any browsers. Cloudflare origin certificates are only designed for communication between Cloudflare -> origin, and won’t work if the DNS entry is :grey: (not proxied). For the origin certificate to work, either turn on CF proxy (:orange:) or use a third-party SSL issuer like LetsEncrypt to get a trusted certificate.

2 Likes

Yes - you should be able to see both the certificates in place and the order in your browser (in chrome click the NET::ERR_CERT_AUTHORITY_INVALID error message)

Thanks - not appropriate for this use then. Pity.

This topic was automatically closed after 30 days. New replies are no longer allowed.