Where to install ssl

I have web vm at azure, installed with apache2 and ssl. However, when I visit https my site, why I see ssl cert from cloudflare and not from mine ? Is this the right way ? Where should I install my ssl cert ?

Should I uninstall my ssl cert and rely on cloudflare ssl cert ?

Hi @tancy,

The Cloudflare Edge Certificate secures the connection between your visitor and Cloudflare (that’s why you see it in your browser), however you still need the cert on your server to secure the connection between Cloudflare and the origin.

Yes.

Absolutely not. As @domjh pointed out, you need it to complete the secure connection.

2 Likes

hmm What if users are expecting to view ssl cert to obtain my info to ensure it is not a phishing site ? They don’t know what is cloudflare.

Oh, like this place?

Or this?

1 Like

For ebay as example. When users click to view ssl cert info they expect to see my www domain there. If they see cloudflare as what you showed for shopify.com they will think it is phishing site, because users don’t know how cloudflare work.

I don’t really understand. Do you expect your users to know who DigiCert or Comodo are, but not Cloudflare? As long as the certificate is valid, I’m not clear on the issue.

2 Likes

If it’s that important to you, you’d have to upgrade to Business or Enterprise level plans so you can upload your own certificate, but it’s a pretty safe bet that it won’t matter to your users.

From digicert or comodo or goddy, they are just ca, at least users click in side able to view my domain there.

It is quite important for users to view banking site domain in ssl cert.

So your issue is that your domain is specified on the certificate as a SAN, not the CN?

You can change that with the paid Advanced Certificate Manager add-on.

If upgrade to business plan, does this mean i install my ssl cert at cloudflare and my web vm ?

“Absolutely not. As @domjh pointed out, you need it to complete the secure connection.”

Yes, you can use the same certificate in both places, so that is what will be presented to your visitors.

1 Like

When can I get more info for this advanced cert manager ?

Here are the docs:

https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager

ACM does not allow you to upload a custom certificate like the Business Plan does, but lets you control the Cloudflare certificates issued.

hmmm, so to do what I wanted, must upgrade to Business plan then.

If you want to proxy your site through Cloudflare and present your own certificate, yes.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.