Does it support ECC and PEM ssl certificates? #79
-
In my Dockerfile I put:

```
# Copy your own certs into the container
COPY ./cf_bs_ECC_cert.pem /etc/ssl/site/server.crt
COPY ./cf_bs_ECC_key.pem /etc/ssl/site/server.key
```

They were generated by Cloudflare to communicate exclusively with the Cloudflare proxy, but I think I shouldn't get this error in the browser when accessing directly from the IP.
The certs used are in PEM format and use ECC instead of RSA.
-
There is an extra cert called "chain" or "origin root" but I don't know how to add it to the server. There is no documentation in the current repo for this, and for sure I want to avoid trading the ease of user env variables for complete file configuration :|

Some additional doc: https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#cloudflare-origin-ca-root-certificate
-
Hi @insign,

Origin CA certificates allow you to encrypt traffic between Cloudflare and your origin web server and reduce origin bandwidth. These certificates are only trusted by Cloudflare when connecting to your origin server. If you try to connect directly to your origin server through your browser (or if Cloudflare is paused or the DNS record is not proxied), you will see a warning.

Quoted: Origin CA certificates · Troubleshooting

This is expected behavior.
Not tested but if you have an intermediate certificate file (something like `cf_bs_ECC_intermediate.pem`), try this on your host machine before starting your container:

```
cat cf_bs_ECC_intermediate.pem >> cf_bs_ECC_cert.pem
```

※ Note: please make a backup of your cert files.
Then use your PEM files as described above.
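
A more defensive version of the `cat ... >>` step above, as an added example that is not part of the original thread or of the project: it writes the chain to a separate file, so the originals stay intact and re-running it does not append the intermediate twice. The function names and the output file name are assumptions; the input file names are the ones used in this thread.

```shell
#!/bin/sh
# Added example: build a leaf-first chain file without modifying the inputs.
# Function names are illustrative, not part of any project.

# Count the certificate blocks in a PEM file.
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# build_fullchain LEAF INTERMEDIATE OUT
# Writes LEAF followed by INTERMEDIATE to OUT. If LEAF does not end with a
# newline, one is inserted; a plain `cat a >> b` would otherwise fuse the
# END and BEGIN markers onto one line and the server could not parse it.
build_fullchain() {
    leaf=$1 inter=$2 out=$3
    for f in "$leaf" "$inter"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
            { echo "no PEM certificate in: $f" >&2; return 1; }
    done
    # The chain file is public material; refuse inputs that carry a key.
    if grep -q -- 'PRIVATE KEY-----' "$leaf" "$inter"; then
        echo "private key found in certificate input" >&2
        return 1
    fi
    tmp=$out.tmp.$$
    {
        cat "$leaf"
        # $(...) strips a trailing newline, so non-empty output from
        # tail means the file's last byte is not a newline.
        [ -z "$(tail -c 1 "$leaf")" ] || echo
        cat "$inter"
        [ -z "$(tail -c 1 "$inter")" ] || echo
    } > "$tmp" && mv "$tmp" "$out"
}

# Usage (output name is an assumption):
#   sh fullchain.sh cf_bs_ECC_cert.pem cf_bs_ECC_intermediate.pem cf_bs_ECC_fullchain.pem
if [ "$#" -eq 3 ]; then
    build_fullchain "$@" && echo "$3: $(count_pem_certs "$3") certificate(s)"
fi
```

The resulting file can then be copied to `/etc/ssl/site/server.crt` in place of `cf_bs_ECC_cert.pem`.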