How to install a free TLS certificate signed by CloudFlare on your origin server?


If you are a webmaster, you have probably heard about SSL certificates. SSL is an acronym for Secure Sockets Layer. It lets visitors browse your website over a secure connection to the server. Data transferred to and from visitors is encrypted.

A website whose address starts with HTTPS and shows a lock sign in the browser window has an SSL certificate. Gone are the days when buying an SSL certificate demanded a huge sum. Now you can install one on your origin server (host) without spending any additional money! SSL is important on a website because it stops information theft. The lock at the start of the browser window gives visitors a sense of security.

This means it is good for search engine optimisation. Google crawls websites that have SSL; otherwise it shows visitors that the website is not secure. SSL is also essential because of the performance boost it gives the website, which improves page load times, and the search ranking boost, as search engines prefer HTTPS websites.

Encrypting traffic with SSL means that attackers cannot see the information sent and received. For regulatory compliance such as PCI compliance, SSL is a key component for approval.

What are origin certificates?

CloudFlare origin certificates are TLS (SSL) certificates issued by CloudFlare to domain holders. They are installed on your origin server so that the connection to your website is encrypted end to end for your visitors. The following is the procedure to generate a CloudFlare origin certificate for your origin server (host).

  • First, set up the free CloudFlare CDN for your WordPress blog.
  • Open your CloudFlare account and move to CRYPTO.
  • Scroll down to ORIGIN CERTIFICATES to generate a free TLS certificate signed by Cloudflare to install on your origin server.
  • Then click on CREATE CERTIFICATE.
  • You now reach a pop-up window named ORIGIN CERTIFICATE INSTALLATION.
  • Do not change anything; scroll down and click NEXT.
  • In the next window, you will find ORIGIN CERTIFICATE and PRIVATE KEY.
  • Save both the certificate and the private key in a safe place.
  • Click SAVE to save both the certificate and the key inside your CloudFlare account.

According to CloudFlare:

Save both the private key and certificate below to your web server. To save, copy the contents of the boxes below and paste them into different files on your web server, e.g., example.com.pem and example.com.key. After saving, select your web server from the dropdown and click the “Show Instructions” button for an installation guide.

Copy the contents of your private key below to your web server and set file permissions such that only your http server can access it. Additionally, you can optionally encrypt this file and provide a password to decrypt it during your origin web server startup. The private key data will not be stored at Cloudflare and will no longer be accessible once the creation is complete. Please make sure you have a local copy of this key.

CloudFlare origin Certificate Installation on Origin Server:

  • Log in to cPanel with your username and password.
  • Scroll down to SECURITY, then click on SSL/TLS to open it.
  • According to cPanel, SSL/TLS is:
    The SSL/TLS Manager will allow you to generate SSL certificates, certificate signing requests, and private keys. These are all parts of using SSL to secure your website. SSL allows you to secure pages on your site so that information such as logins, credit card numbers, etc are sent encrypted instead of plain text. It is important to secure your site’s login areas, shopping areas, and other pages where sensitive information could be sent over the web.
  • Then click on INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS)
  • Now you reach Manage SSL Hosts.
  • According to cPanel, MANAGE SSL HOSTS is:
    An SSL certificate can secure one or more domains; to create an SSL host for a domain, you must have a certificate that secures that domain. Each SSL certificate has a matching key file that must also be present to install the certificate. SSL certificates for production use usually also require a CA bundle, which this page will automatically try to obtain from the server; in the event that the server cannot find the required CA bundle, you will need to paste it here.
  • Scroll down and, in DOMAIN, select your domain, for example mohanmekap.com.
  • Then, in CERTIFICATE, paste the origin certificate copied from CloudFlare. Scroll down and, in PRIVATE KEY (KEY), paste the private key copied from the CloudFlare origin certificate window.
  • The third column of MANAGE SSL HOSTS, namely CERTIFICATE AUTHORITY BUNDLE (CA BUNDLE), is not required.
  • So, in short, you only have to paste two items: one is the Origin Certificate and the other is the Private Key. Ignore the third column, which is the CERTIFICATE AUTHORITY BUNDLE, then click on INSTALL CERTIFICATE and you are done.
  • Wait at most 24 to 48 hours for SSL to show up on your website. During this time, your site will be down, as your non-HTTPS site is being transferred to HTTPS.
  • According to CloudFlare, SSL for a website is a must, and it is free from CloudFlare for websites that use the CloudFlare CDN (Content Delivery Network). It may take up to 24 hours after the site becomes active on CloudFlare for the new certificate to show. These are free SSL certificates signed by CloudFlare, and they are updated automatically.
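
The quoted CloudFlare and cPanel notes ask for two things: a private key file that only the web server can read, and a key that matches the certificate. Both can be checked on the saved files before they are pasted into cPanel. The script below is an added example, not code from CloudFlare or cPanel; the function name check_origin_pair and its problem codes are made up for illustration, and the file names follow the example.com.pem / example.com.key convention from the CloudFlare quote.

```python
import os
import ssl
import stat


def check_origin_pair(cert_path, key_path, password=None):
    """Return a list of (code, message) problems; an empty list means none were found."""
    problems = []

    # 1. The private key must not be accessible to group or other users.
    try:
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
    except OSError as exc:
        return [("key-missing", f"cannot stat {key_path}: {exc}")]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(("key-permissions",
                         f"{key_path} has mode {mode:04o}; tighten with chmod 600"))

    # 2. The key must belong to the certificate. load_cert_chain() parses both
    #    PEM files and raises ssl.SSLError when they are malformed or mismatched.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Passing a (possibly empty) password keeps OpenSSL from prompting
        # on the terminal if the key file was encrypted.
        ctx.load_cert_chain(cert_path, key_path, password=password or "")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(("pair-invalid", f"certificate/key did not load: {exc}"))

    return problems


if __name__ == "__main__":
    # Assumed file names, taken from the CloudFlare quote above.
    for code, message in check_origin_pair("example.com.pem", "example.com.key"):
        print(f"{code}: {message}")
```

Run it in the directory where the two files were saved; no output means both checks passed.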
