I'm trying to wrap my head around how SSL for SaaS is supposed to work...

Trying to set up Cloudflare (with SSL for SaaS) in front of an AKS cluster. I have a main domain, app.mydomain.com that customers in my SaaS platform can use. They can also setup their own vanity domains, like app.customerdomain.com, and use that instead.

I've got the current setup:

- Partial CNAME setup in Cloudflare for mydomain.com
- CNAME record in AWS for app.mydomain.com -> app.mydomain.com.cdn.cloudflare.net
- CNAME record in Cloudflare for app.mydomain.com -> myakscluster.cloudapp.azure.com
- CNAME record in AWS for app.customerdomain.com -> app.mydomain.com (vanity url for customers)
- Fallback Origin in Cloudflare set to app.mydomain.com
- Custom Hostname in Cloudflare for app.customerdomain.com
- Generated a Cloudflare CA cert for *.mydomain.com and using that in the AKS cluster

app.mydomain.com is working, but app.customerdomain.com is giving a "526 Invalid SSL certificate". I'm guessing that is because the cert in AKS is generated for *.mydomain.com, but I'm not allowed to generate a cert for app.customerdomain.com (since it's not part of the Cloudflare setup). 

What are my options? Do I have to use Full ("not strict") SSL mode, or what is the recommeneded way of solving this issue?`Preformatted text`

Looks like I accidentally put all of it in a blockquote… And I guess there’s no edit button? Well, hope you can read it anyway

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.