Oct 2, 2016

CloudFlare SSL Overview

Want a free SSL Certificate for your server/website? Enable HTTPS connection with the CloudFlare solution for free, look here how and understand its limitations.

If you have a website/server you can enable for free the HTTPS/SSL connection using the free CloudFlare account, however, here somethings that you must know, CloudFlare will issue through its partner Comodo a certificate for your custom domain plus its subdomains, hence the wildcard:

The certificate process starts automatically after you add a website/server into your CF account, the status can be seen at the 'Crypto' option, and when it's done, you'll see this:

The certificate took me about 8 hours to be active. Now the trick part, they offer some kinds of SSL, the default is called "Flexible", look:

Flexible will use the HTTPS/SSL connection between the users and CF, but after that, the connection from CF to your server remain HTTP, so keep in mind that your HTTP connection still vulnerable, however you can whitelist just the CF ip range to access your server, look here an example. For a full SSL connection (between the users and your server), you must choose the 'Full' option instead of 'Flexible', but then your server will need to support SSL/HTTPS connection too (self-signed certificates will work, but CloudFlare show us some better alternatives here and here):

If your server doesn't supports HTTPS connection and you chose the "Full" option, then the users will see a screen like this:

That's all !

0 comentários :

Post a Comment