Our web server is proxied via Cloudflare. One client application using Google Go lang to access the web server is randomly returning "X.509 certification signed by unknown authority".
web server → (no ssl) Cloudflare → (ssl) client application
Do you know if this is related to the client application or a Cloudflare SSL cert issue?
For starters, unless you are on an Enterprise plan, you cannot access sites on HTTP which enforce HTTPS.
That being said, are you using Origin certificates? If so, they’d be “unknown” and will only work in a proxied context. If that is not the case, the issue definitely is with your server.
If you are saying the application is using your server and your server does not have a certificate, then you have a general security issue and would need to fix that first before anything else.
What does randomly mean in this context? Sometimes but not always? Only from a single server running this tool? From any location that attempts to run the tool? Something else?
All right, that’s exactly what I addressed in my last message. You have a general security issue here and need to fix that first. Your current encryption mode is an insecure legacy mode which should not be used and keeps your site without encryption.
Thank you for your advice indeed. We need time to support full encryption mode. However, we need to fix the current issue experienced by our client ASAP.
A sporadic error from a single customer (absent any other supporting details) makes it much more likely to be an issue with their network than Cloudflare’s. If they can capture details in and around the error to demonstrate what certificate is displayed and other supporting details….
Ignore the client issue and fix your configuration. There’s nothing they have provided which points to a Cloudflare issue and if the customer is important enough that ‘not us, good luck’ isn’t a sufficient response then you /really/ need to fix the SSL before continuing to debug because sending data for an important customer in clear text over the internet is a much bigger problem than their random error.
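For the request above to capture which certificate the Go client is actually shown when the error occurs, here is an added example (not code from any poster in this thread). The names `InspectChain` and `ChainReport` are hypothetical, and the local `httptest` server is a constructed stand-in for the real hostname.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http/httptest"
	"strings"
)

// ChainReport (hypothetical name) records the presented chain and the verdict.
type ChainReport struct {
	Certs     []string // one line per certificate, leaf first
	VerifyErr error    // nil when the chain verifies against the given roots
}

// InspectChain (hypothetical helper) records the chain served at addr without
// trusting it, then verifies it against roots (nil means the system store).
func InspectChain(addr, serverName string, roots *x509.CertPool) (*ChainReport, error) {
	// InsecureSkipVerify is used only to read the chain; no application data is sent.
	cfg := &tls.Config{ServerName: serverName, InsecureSkipVerify: true}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	certs := conn.ConnectionState().PeerCertificates
	rep, inter := &ChainReport{}, x509.NewCertPool()
	for i, c := range certs {
		line := fmt.Sprintf("subject=%q issuer=%q sha256=%x", c.Subject, c.Issuer, sha256.Sum256(c.Raw))
		rep.Certs = append(rep.Certs, line)
		if i > 0 {
			inter.AddCert(c) // certificates after the leaf act as intermediates
		}
	}
	opts := x509.VerifyOptions{DNSName: serverName, Roots: roots, Intermediates: inter}
	_, rep.VerifyErr = certs[0].Verify(opts)
	return rep, nil
}

func main() {
	// Constructed local server whose certificate no public CA has signed.
	srv := httptest.NewTLSServer(nil)
	defer srv.Close()
	rep, err := InspectChain(strings.TrimPrefix(srv.URL, "https://"), "example.com", nil)
	if err != nil {
		panic(err)
	}
	fmt.Println(rep.Certs, rep.VerifyErr)
}
```

Run from the affected client's network against the real hostname on port 443, the issuer and fingerprint lines show whether the chain being served is the expected Cloudflare edge certificate or something substituted along the path.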