Using Full (strict) SSL mode with SSL for SaaS

I'm trying to wrap my head around how SSL for SaaS is supposed to work...

Trying to set up Cloudflare (with SSL for SaaS) in front of an AKS cluster. I have a main domain, app.mydomain.com, that customers in my SaaS platform can use. They can also set up their own vanity domains, like app.customerdomain.com, and use that instead.

I've got the current setup:

- Partial CNAME setup in Cloudflare for mydomain.com
- CNAME record in AWS for app.mydomain.com -> app.mydomain.com.cdn.cloudflare.net
- CNAME record in Cloudflare for app.mydomain.com -> myakscluster.cloudapp.azure.com
- CNAME record in AWS for app.customerdomain.com -> app.mydomain.com (vanity url for customers)
- Fallback Origin in Cloudflare set to app.mydomain.com
- Custom Hostname in Cloudflare for app.customerdomain.com
- Generated a Cloudflare CA cert for *.mydomain.com and using that in the AKS cluster

app.mydomain.com is working, but app.customerdomain.com is giving a "526 Invalid SSL certificate". I'm guessing that is because the cert in AKS is generated for *.mydomain.com, but I'm not allowed to generate a cert for app.customerdomain.com (since it's not part of the Cloudflare setup). 

What are my options? Do I have to use Full ("not strict") SSL mode, or what is the recommended way of solving this issue?

Looks like I accidentally put all of it in a blockquote… :joy: And I guess there’s no edit button? Well, hope you can read it anyway :smile:
