Verify Cloudflare origin certificate

I am using Cloudflare Origin certificates for my websites. When I directly access the websites in my browser (without Cloudflare Cache) I get an error messag that the connection is not secure because the issuer of the certificate is unknown.

Therefore I downloaded the root certificate for Cloudflare Origins from:

However, I still get the error that the issuer could not be verified. What do I need to change that my browser accepts and verifies the Cloudflare Origin certificates?

You would have to add that Root Certificate to your computer. Or just set your browser/computer to Trust that origin cert. But remember that Cloudflare Origin certificates are not for public use. Anybody else trying to visit your site will get the same error unless your site is using Cloudflare as a front end.

Hi Sdayman,

That’s what I did. I installed the “Cloudflare Origin SSL ECC Certificate Authority” locally in my FireFox browser under “Import Certificates”. However, I still get the error message that the connection is unverified.

I am aware that this is not for public use. My use case is to have a webshop with Cloudflare cache on and some backend systems under a sub-domain without cache that only I have access to.

Why does FireFox still show the error message despite the fact that the root certificate is installed?

Thank you

Thsscreenshot shows that I have installed the Cloudflare Origin root certificate in FireFox:

However, I get the message “Cound not verify this certificate because the issuer is unknown” when I open the website that uses my certificate.

What do I have to do to enable FireFox to validate my certificate with the Cloudflare Origin Root certificate?

I use the RSA one, not ECC. It’s been a while since I’ve dabbled with it, but I thought worked on my Mac. It’s in my Login Keychain and set to Always Trust.

Unfortunately I am on Windows. It does neither work in FireFox nor Chrome or Edge. Do I miss an intermediate certificate or something?

This topic was automatically closed after 30 days. New replies are no longer allowed.