CloudFlare's "Universal SSL" Initiative

KH-Jared

Sysadmin
Staff member
I checked the domain and it now has a valid SSL certificate. So it really is a secured connection to CloudFlare's server that won't give your users a warning, if it does take some time for them to set up. For anyone that may come across this later, there are a couple things to think about.

First off, this certificate is for my domain as well as 19 others. This is something you could fix if you had a paid plan and provided your own certificate, but not on the free plan. It's not a large problem but I know more than a few people who might get irked by it.

I also strongly advise against using the flexible or full options, sticking to full (strict) whenever possible. Flexible really defeats the point because the connection is secured between point A and point B, but not all the way to point C.

Full is better because the connection all the way to your server is secured but the point of a valid SSL certificate is so users (or better yet their web browsers) know they are connecting to the right server. Full really looks to be a way around this. If for any reason, CloudFlare pointed to the wrong server, CloudFlare would continue to provide a valid SSL even though it wasn't your server. I can't think of a way to do this off the top of my head, but weirder things have happened.

Full without a valid SSL certificate also has the downside that you may set your site up to ONLY use SSL and redirect to SSL if they try to connect using an insecure connection. If CloudFlare has any issue or causes any problems and you decide to temporarily disable CloudFlare for your site to be up, suddenly your users will see a warning when they visit your site.

Overall, I know some people are going to do it anyway, but if you're going to use this as a free SSL certificate, the least you can do is use a self-signed SSL on your server for the full secured connection. If you have any trouble doing this, we can help from support. But if you're really worried about security, I'd pay the yearly fee for a custom SSL certificate from one of the many providers.
 

Randy001

New Member
@KH-Jared I recently signed up for CloudFlare (long story short you suggested it via support ticket system).

So I have a few sites moved over to free CloudFlare and it seems to all work great. I'm eventually going to switch every site I have over to first pass through CF for DNS & CDN (& the security features too). I want to switch my sites to SSL also since that's going to be much more important in the future.

What is the easiest way to implement SSL? Can I just go to the $20/mo plan on CloudFlare and that's it? I am totally new to this, so I really don't know what to do. I need to set something up on the VPS but I have no clue how to do that process.

FYI my current CF setting is Flexible SSL. I would like to get it set up 100% and then force https for all visitors via CF.
 

Randy001

New Member
My bad, it was Derrick that recommended CF. I do not see a way to edit my previous post. Anyway, I'm still hoping to find out how to enable strict SSL.

I was thinking it would be nice to have SSL fully functional on one site before I switch it to CF to make sure it's working well, then transfer it to CF. I think that would be the most fool-proof plan.
 

phpAddict

Active Member
If you order an SSL cert from your registrar KH will help you install it on your website for you. If you use GoDaddy they have straightforward instructions for cPanel servers. If you use a different registrar the same instructions should still apply.
https://support.godaddy.com/help/article/5240/installing-ssl-certificates-on-your-cpanelwhm-server

The whole process shouldn't take you but a half hour, hour tops, even for your first try.
  1. Order your SSL cert from your registrar
  2. They'll ask you for some details (Including your CSR which you can produce in cPanel under SSL settings)
  3. Wait for them to issue you a cert.
  4. Download cert
  5. Install your new cert on your site under SSL settings, or have KH help. Some registrars (GoDaddy) have "Intermediate certs" which will also need to be installed.
  6. Access your website using https:// to see if it's working with no SSL errors
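
The checks behind steps 5 and 6 above, run offline with `openssl`, as an added example that is not part of the original posts. It builds a constructed throwaway root, intermediate and leaf certificate for the placeholder host `example.test`, then shows that the certificate must match the key that produced the CSR, that the chain only verifies when the intermediate is supplied, and that the certificate must name the host.

```shell
#!/usr/bin/env bash
# Added example. Everything under $PKI is a constructed throwaway test PKI;
# example.test is a placeholder hostname, not a real site.
set -eu
PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# issue NAME CN EXTFILE [ISSUER]: new key + CSR, signed by ISSUER or self-signed.
# $signer is left unquoted on purpose so it splits into separate options.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    signer="-CA $PKI/$4.pem -CAkey $PKI/$4.key -CAcreateserial"
  else
    signer="-signkey $PKI/$1.key"
  fi
  openssl x509 -req -in "$PKI/$1.csr" $signer -extfile "$PKI/$3" \
    -days 2 -out "$PKI/$1.pem" 2>/dev/null
}

# Step 5: the issued cert must carry the public key of the key behind the CSR.
cert_matches_key() {  # CERT KEY
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Step 5: the leaf must chain to the root; the intermediate is the third argument.
chain_verifies() {  # ROOT CERT [INTERMEDIATE]
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

# Step 6: the cert must name the host visitors actually request.
cert_covers_host() {  # CERT HOSTNAME
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }

printf 'basicConstraints=critical,CA:TRUE\n' > "$PKI/ca.ext"
printf 'subjectAltName=DNS:example.test\n'   > "$PKI/leaf.ext"
issue root  "Test Root"         ca.ext
issue inter "Test Intermediate" ca.ext   root
issue leaf  "example.test"      leaf.ext inter
issue other "other.test"        leaf.ext inter   # unrelated key pair for the mismatch case

report cert_matches_key "$PKI/leaf.pem" "$PKI/leaf.key"
report chain_verifies "$PKI/root.pem" "$PKI/leaf.pem" "$PKI/inter.pem"
report chain_verifies "$PKI/root.pem" "$PKI/leaf.pem"   # intermediate not supplied
report cert_covers_host "$PKI/leaf.pem" example.test
```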
 