
How To Install Cloudflare Origin SSL Certificate with Nginx.

by GeekDosage July 20, 2021

With Cloudflare, you can generate an Origin Certificate, a free TLS certificate signed by Cloudflare, and install it on your web server to secure the connection between your server and the Cloudflare proxy servers. The main feature of Cloudflare Origin Certificates is their validity, which can be up to 15 years, and they can include all your subdomains through a wildcard.

Create Your Origin Certificate

First, go to your Cloudflare dashboard and, in the Crypto section, click Create Certificate. If you have already generated a CSR (Certificate Signing Request) and a private key, you can paste your CSR content to generate your Cloudflare Origin Certificate. Otherwise, click Next and let Cloudflare generate a private key for you. It is better to choose an ECDSA private key over RSA, as ECDSA provides better performance and a better encryption level than RSA. Cloudflare will show you your private key and your Origin Certificate after you click the Next button. Be sure to save your private key before closing your web browser tab, as Cloudflare will no longer display it.

Then create a new file, for example yourdomain-tld-key.pem, and copy the contents of your private key into it. Create another file, yourdomain-tld-cert.pem, and copy your Origin Certificate's contents into it. You can create a folder in /etc/nginx to store your private key and your Origin Certificate; for example, you can put both in /etc/nginx/ssl.

Add Cloudflare Root Certificate Authorities (Optional)

This step is not necessary because Nginx will not attempt to validate your Origin CA certificate chain. It will only check your SSL certificate and your private key for any errors. To add the Cloudflare root certificate authority to your Origin Certificate, you must download the root certificate from the Cloudflare website and combine it with your Origin Certificate. You can download the Cloudflare root certificate with one of the following commands:

For RSA private keys, use this command:

wget -O cloudflare_root.pem https://support.cloudflare.com/hc/en-us/article_attachments/206709108/cloudflare_origin_rsa.pem

For ECDSA private keys, use this command:

wget -O cloudflare_root.pem https://support.cloudflare.com/hc/en-us/article_attachments/206709098/cloudflare_origin_ecc.pem

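To combine your Origin Certificate and the Cloudflare root certificate, append the root certificate to your certificate file with the cat command. Use >> to append: redirecting with > to a file that cat is also reading would empty that file before it is read.

cat cloudflare_root.pem >> yourdomain-tld-cert.pem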
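
The file handling from the two sections above, written as an added example (not part of the original article): it bundles the Origin Certificate with the root without clobbering either input, repairs a missing trailing newline from a browser copy-paste, refuses to bundle twice, and keeps the private key readable by its owner only. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: hypothetical helper functions, not Cloudflare or Nginx tooling.

# count_certs FILE: number of PEM certificate blocks in FILE.
count_certs() {
  grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# build_chain LEAF ROOT OUT: write LEAF followed by ROOT to OUT.
build_chain() {
  # A leaf file holding more than one block was already bundled: stop,
  # so that running the procedure twice does not duplicate the root.
  [ "$(count_certs "$1")" -eq 1 ] || {
    echo "build_chain: $1 must hold exactly one certificate" >&2; return 1; }
  [ "$(count_certs "$2")" -ge 1 ] || {
    echo "build_chain: $2 holds no certificate" >&2; return 1; }
  # Work in a temp file beside OUT so neither input is truncated and
  # Nginx never sees a half-written bundle.
  tmp=$(mktemp "$3.XXXXXX") || return 1
  # "awk 1" copies every line and terminates the last one, so a leaf
  # pasted without a final newline cannot fuse with the root's BEGIN line.
  awk 1 "$1" "$2" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$3" || {
    rm -f "$tmp"; return 1; }
}

# install_key SRC DEST: copy the private key with owner-only permissions.
install_key() {
  ( umask 077 && cp "$1" "$2" ) && chmod 600 "$2"
}

# key_is_private FILE: succeed only if group and others have no access.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

A typical call would be build_chain yourdomain-tld-cert.pem cloudflare_root.pem /etc/nginx/ssl/yourdomain-tld-cert.pem followed by install_key for the key file, run before nginx -t.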

Install Your Origin Certificate With Nginx

Your Origin Certificate can now be installed with Nginx.

  • To do so, you must edit your Nginx vhost.
  • If your server is running with EasyEngine in particular, add the SSL/TLS configuration as follows:
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/nginx/ssl/yourdomain-tld-cert.pem;
ssl_certificate_key /etc/nginx/ssl/yourdomain-tld-key.pem;
  • If your server is running Nginx 1.15.0 or later, you can also remove the ssl on; line.
  • You can then test and reload your Nginx configuration with
nginx -t && systemctl reload nginx
  • Now that your Cloudflare Origin Certificate is installed on your server, you can change the SSL setting on your Cloudflare dashboard to “Full (strict).”
  • If you wish to force redirection from HTTP to HTTPS, you can enable the “Always use HTTPS” and “Automatic rewrite HTTPS” options using your Cloudflare dashboard.