How to install an Origin CA Certificate (Other)

Origin CA SSL Certificate Installation

  1. Obtain private key and origin certificate pair

    After completing the steps to generate the private key and origin certificate, download both in the format described within the link below. Typically this format will either be PEM, DER, or PKCS#7.

  2. Copy the key and cert pair to your origin server

    Copy the key and certificate files to the directory on your server where you will keep your key and certificate files. The instructions below specific to your web server should indicate this location.

  3. Follow the instructions below to enable the certificate and restart your server if necessary

    If your web server is one of the following, click the link to view installation instructions:

    Otherwise, choose your web server from the list below. Note that you will be taken to an external website run by one of our CA partners, DigiCert.

  4. Optionally upgrade your SSL setting to Strict mode

    Log in to the Cloudflare dashboard, click the Crypto app, and change the SSL setting at the top of the page from Flexible or Full (strict). You should only make this change if all of your origin hosts are protected by Origin CA certificates or publicly trusted certificates.

Cloudflare Origin CA Certificate is only trusted by Cloudflare and therefore should only be used by origin servers that are actively connected to Cloudflare. If at any point you pause or disable Cloudflare, your Origin CA certificate will throw an untrusted certificate error.

Cloudflare would like to thank DigiCert for providing this content.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk