What are Origin Certificates?

Hello Cloudflare community!,
I’m proxying my app through Cloudflare for the CDN and WAF to work, however, after this I noted that my certificate is now issued by Cloudflare.

Is there a way of avoiding this?, I read somethine like Origin Certificates but, I’m not sure what are these. Can someone enlight me in my getting started on Cloudflare journey?

This isn’t an origin certificate (those are only for servers). Is there something that’s not working?

The thing is that my web SSL Certificate now is issued by Cloudflare, but I need to add my own one

Business and Enterprise plans can upload personal certificates:

https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates

Oh, thank you for the aclaration. Is then the only way to add a custom certificate, even for one webpage to go up to Business or Enterprise?.

Just for information since, I was a little confused on it, what are then Origin Certificates?

Origin certificates are for servers that don’t already have a certificate. Cloudflare can generate one that’s recognized as unique and valid for that website for Cloudflare to proxy it.

https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates

1 Like

So, can’t I use a Custom origin certificate as I want?, sorry if it is a noob question and thank you for your help!

You can put your own origin certificate on the proxy server if you have a Business or Enterprise plan.

1 Like

I understand that SSL certificates are the ones showed for example, on the page’s lock. Showing that the page is safe.

However, I don’t understand at all what are Origin Certificates?, are they the same, similar or what exactly do they do?, just to be sure they are not what I’m looking for.

Why?

When using Cloudflare, there are two certificates needed.

The Edge Certificate is generally a Cloudflare managed Universal Certificate. This is what the user sees. You can subscribe to Advanced Certificate Manager if the Universal Cert does not fit your needs, and Custom Certificates are available to users on Business and Enterprise plans.

The Origin Certificate protects traffic from Cloudflare to your Origin web server. This can be a certificate from a normal CA, like Let’s Encrypt. You can also use Cloudflare Origin Certificates. These are only valid if your hostname is :orange: on Cloudflare, and if you use them on :grey: hostnames users will see errors.

1 Like

I see… I’m basically trying to understand if I need to go up to Business Plan, since what I need is the user to see my certificate on their browser instead of Cloudflare’s… My app needs some sensitive data from the user in some situations so, I need them to be sure it is I, or my company.

So, as I understand by the explanation, SSL certificates are the ones from the Cloudflare proxy to my user, so it would be what I’m looking for?.

The origin ones protect only the Cloudflare proxy to my server so, are a no go?

Personally, I wouldn’t bother. And neither do some really big names on the Internet. Amazon doesn’t even do this. Last I checked even the top ranking Alexa sites were at about a 5% adoption rate.

And on a mobile browser? I can’t even look at the cert.

But you’re certainly welcome to spend $200/month so your customers have the option to dig for that cert if they want to.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.