Reputation: 327
I am using the free version of Cloudflare and I created a wildcard SSL certificate for 1-level subdomains using 'Origin Certificates', uploaded it to an Azure web app, and configured the wildcard subdomain on Cloudflare without the traffic going through Cloudflare. It gives me the error below.
Error: http://prntscr.com/ormgne
NET::ERR_CERT_AUTHORITY_INVALID
Subject: CloudFlare Origin Certificate
Issuer: CloudFlare, Inc.
Cloudflare Settings: http://prntscr.com/ormgye
Azure webApp settings: http://prntscr.com/ormhop
My application is multitenant and creates a subdomain dynamically.
Screenshots provided above.
Expected Result: The SSL should be enabled on wildcard subdomain.
Upvotes: 1
Views: 842
Reputation: 5549
It should be like that, because the Origin Certificates you created from Cloudflare are only valid for encryption between Cloudflare and your origin server.
It is only used to protect the traffic between your server and Cloudflare.
However, Cloudflare is not a trusted CA issuer; if you access your website directly (without Cloudflare), your browser will not trust the certificate. You can consider the certificate as a self-signed certificate.
To solve this:
You can purchase an SSL certificate from a trusted issuer. For example: DigiCert, GoDaddy or Let's Encrypt (free)
Or, you can turn on the protection to make the traffic go through Cloudflare.
Upvotes: 2
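The trust behaviour described in the answer can be reproduced offline. This is an added example, not part of the original posts: a throwaway private CA stands in for the Cloudflare Origin CA, and `example.test`, the file names and the function names are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: a private root (stand-in for an origin CA) signs a
# wildcard leaf. Nothing here talks to Cloudflare or Azure.
# Usage: d=$(mktemp -d); make_demo_pki "$d"; trusted_by_public_roots "$d"; echo $?

make_demo_pki() {  # $1 = working directory
  # Private root that no browser or OS trust store contains.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Demo Origin CA (constructed)" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  # Wildcard leaf covering one subdomain level, signed by that root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:*.example.test,DNS:example.test\n' > "$1/ext.cnf"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/ext.cnf" -out "$1/leaf.pem" 2>/dev/null
}

# Direct client connection: only the default public trust store is consulted,
# so the privately issued leaf is rejected (the browser's
# NET::ERR_CERT_AUTHORITY_INVALID case).
trusted_by_public_roots() {  # $1 = working directory
  openssl verify "$1/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

# Proxy-to-origin leg: the verifier pins the issuing CA as its trust anchor
# and checks the requested hostname against the wildcard.
trusted_by_origin_ca() {  # $1 = working directory, $2 = hostname
  openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/leaf.pem" \
    2>/dev/null | grep -q ': OK$'
}
```

The same leaf passes or fails depending only on which roots the verifier trusts, and the wildcard matches a single label (`tenant1.example.test`) but not a deeper name such as `a.b.example.test`.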