I have recently set up a family website using WordPress. Now I want to secure it properly. Is the universal cert provided by CF fine for most things or should I be investing some money in purchasing a cert from CF? I do not like sharing the universal cert with others, so what are my options? Ideally I would like to secure end to end but does that mean I need to provide a client side cert to all users of my website? If yes, then that is not scalable, so what is one level down from that?
It is fine for the proxies, but you still need a certificate on your own server. Cloudflare does not have any paid services in this context but offers the Origin certificates which you can install on your server. Otherwise you can use any other valid certificate on your server too.
It’s rare for Universal certs to be shared amongst websites. It was common a while back, but all my new Universal certs only show sni.cloudflaressl.com, example.org, and *.example.org.
Ok so I am following the instructions but CF provides two files, a .pem and a .key file. When I go to the instructions for installing on my web server it talks about 3 files, an intermediate and primary cert, as well as a .key file. I would assume the primary cert is the .pem file but where does the intermediate cert come from?
SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.
And as for the content, a quick search will really explain that in no time. For example https://serverfault.com/questions/382633/difference-between-sslcertificatefile-and-sslcertificatechainfile
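The directive change described in the replies above, written out as an added example that is not part of the original thread. It assumes the origin runs Apache httpd with mod_ssl; the host name is the one used in the thread, and the file paths and file names are placeholders.

```apache
# --- Apache before 2.4.8: three directives, intermediates in their own file ---
# (shown commented out; SSLCertificateChainFile is obsolete from 2.4.8 on)
#
#   SSLCertificateFile      /etc/ssl/example/primary.pem
#   SSLCertificateKeyFile   /etc/ssl/example/private.key
#   SSLCertificateChainFile /etc/ssl/example/intermediate.pem

# --- Apache 2.4.8 and later: two directives ---
<VirtualHost *:443>
    # Placeholder host name.
    ServerName example.org
    SSLEngine on

    # The .pem file: the server (leaf) certificate. If the issuer also
    # supplies intermediate CA certificates, append them to this same
    # file, ordered from leaf to root, instead of using a chain file.
    # Placeholder path.
    SSLCertificateFile /etc/ssl/example/origin.pem

    # The .key file: the private key matching the leaf certificate.
    # Keep it outside the web root and readable only by root.
    # Placeholder path.
    SSLCertificateKeyFile /etc/ssl/example/origin.key
</VirtualHost>
```

Comments sit on their own lines because Apache does not accept trailing comments after a directive. Running `apachectl configtest` before reloading confirms the syntax is valid.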