Using your own csr and rsa key generates error 1008

Good answer but you can also generate a free SSL certificate by Cloudflare but the issue confusing because you need to choose the LET Cloudflare GENERATE PRIVATE KEY AND CSR but also gives you the option to use your own CSR but generate errors like PRIVATE KEY CSR NOT VALID ERROR 1008. I performed a decoder function on the CSR and it comes out good but I knew it was a self signed certificate and I want it to play with the second option in the list that state “I HAVE MY OWN CSR AND PRIVATE KEY” in my conclusion it could be that the certificate is self signed so I think the Cloudflare team should update the documentation to say “I HAVE MY OWN CA SIGNED CSR AND PRIVATE KEY” or research why a self signed certificate will generate the csr 1008 error message. I’m was out doing some crypto investing and just came back to play with the server and found this so I said let me share it for the other newbies out there. GO AHEAD AND CHOOSE LET Cloudflare GENERATE PRIVATE KEY AND CSR and you should be fine I hope. Still @sdayman comment on using SSL full implementation should be hopefully applicable to this Cloudflare certificate…!!

The following articles can be use as reference for advance CSR issues:

https://support.cloudflare.com/hc/en-us/articles/200170576-I-am-seeing-The-key-could-not-be-parsed-How-come-

https://support.cloudflare.com/hc/en-us/articles/115000479507-Creating-and-managing-certificates-with-Origin-CA



jaja ok I tried the sefl generated ssl and guess what!!! what type of server do I have?? Im guessing is NGINX but the drop down should know or we should have an option to check on the dashboard… Im learning but feel I need to be at the executive level cashing out!! jajaja well guru’s take notes on this issue…csr install

Check this reference but the answer is not there…

https://support.cloudflare.com/hc/en-us/articles/218408028-How-to-install-an-Origin-CA-Certificate-Other-

ok after running netcraft I found out my server type… I should get an enterprise or business upgrade or be in the consulting and evaluation payroll staff with this stuff!!!

If you have such a server this are the instructions:

https://support.cloudflare.com/hc/en-us/articles/217471977-How-to-install-an-Origin-CA-certificate-in-NGINX

As the website implies, you should only paste your CSR in the CSR box. Not your private key and CSR.

Keeping your private key private is good security hygiene as well.

thanks bro I keep my RSA key where I keep my house keys and bitcoin wallet BUT what will hack; my youtube videos on mygoogle.us :wink: MAYBE I GET MORE VIEWS !! thanks I tried the CSR pasting the issue was bigger since to install them I need it to access the server and I think just having a domain and some Cloudflare apps don’t give me access to the console or cpanel or anything… The guys ran a universall ssl I’ll see if is running… let me see… NOT STILL NOT ACTIVE…

1 Like

An origin certificate is to secure the communication between Cloudfare and your origin server, not between an end user and Cloudfare So for what your crossposted issues reference (not having an issued free SSL certificate by Cloudflare) can’t be solved . y installing an origin certificate.

It’s likely that your domain has failed a brand check because you’re not Google. You can open a ticket with support to see if there is anything they can do, but installing an origin certificate isn’t a workaround.

ok that makes sense and should be including in the KB just clearing what an origin server cert is an a domain cert is… Im aware of the brand or company requirements I just didn’t understand the difference. I haven’t purchase a domain cert because mygoogle.us is just part of the test Im performing while working with the youtube google crew and testing the Cloudflare environment and other VPS servers. Is just a domain name and I already request the permissions from google they told me in two week send a reply… BUT THAT;S A GREAT CLARIFICATION it should be added into the KB thanks for clearing that out and it makes more sense now. So how do we test and origin certificate is working?? the only way I know is probably via the console:

openssl verify -CAfile <bundle.pem> <certificate.pem>

I ran some tools but I don’t see any way to confirm the origin certificate. base on the implementation this should be for paid plans an origin certificate will validate where your coming from but the site certs veryfy the content to my site is secured… Let me know if there’s an external tool to test Im just curious…

Check this tool I tested and it fails even at the origin the put another server I have at godaddy and it did a complete site SSL check; cool tool beyond the console… try it and share it with the guys.

https://www.ssllabs.com/ssltest/analyze.html?d=godaddy.com&latest

I like this one better it showed the origin passing the test and mygoogle.us failing… I know is GUI based jajaja but you won’t results for both with openssl…

Without having an edge certificate in place the way you would test is to open a browser and visit the origin directly (gray cloud the record at Cloudflare). It will present as being untrusted (which is true, we’re not a public CA) but will have the appropriate details.

NICE jaja but the last tool I sent is much clearer but from a guru’s point of view your answer is acceptable but testing it with the last tool yield the results for both the origin and website. So disabeling the Cloudflare will yield a negative result on both points… I’ll keep that in mind when talking to the higher tech community; downloading to brain repository on the Cloudflare CDN brain cell :blush: